CVE-2016-1525

Published on: 02/12/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:05 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Certain versions of Prosafe Network Management Software 300 from Netgear contain the following vulnerability:

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.

  • CVE-2016-1525 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.6 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
CHANGED HIGH NONE NONE

CVSS2 Score: 7.8 - HIGH

Access
Vector
Access
Complexity
Authentication
NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE NONE NONE

CVE References

Description Tags Link
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload ≈ Packet Storm packetstormsecurity.com
text/html
URL Logo MISC packetstormsecurity.com/files/135999/NETGEAR-ProSafe-Network-Management-System-300-Arbitrary-File-Upload.html
SecurityFocus www.securityfocus.com
text/html
URL Logo BUGTRAQ 20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300
Full Disclosure: [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300 seclists.org
text/html
URL Logo FULLDISC 20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300
NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities - Hardware webapps Exploit www.exploit-db.com
Proof of Concept
text/html
URL Logo EXPLOIT-DB 39412
Netgear NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit) - Windows remote Exploit www.exploit-db.com
Proof of Concept
text/html
URL Logo EXPLOIT-DB 39515
Vulnerability Note VU#777024 - Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities Third Party Advisory
US Government Resource
www.kb.cert.org
text/html
URL Logo CERT-VN VU#777024
CVE-2016-1525 NETGEAR ProSafe Network Management System 300 Arbitrary File Upload | Rapid7 www.rapid7.com
text/html
URL Logo MISC www.rapid7.com/db/modules/exploit/windows/http/netgear_nms_rce
Netgear Pro NMS 300 Code Execution / File Download ≈ Packet Storm packetstormsecurity.com
text/html
URL Logo MISC packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationNetgearProsafe Network Management Software 3001.5.0.11AllAllAll
ApplicationNetgearProsafe Network Management Software 3001.5.0.11AllAllAll
  • cpe:2.3:a:netgear:prosafe_network_management_software_300:1.5.0.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:netgear:prosafe_network_management_software_300:1.5.0.11:*:*:*:*:*:*:*: