9.6

CVE-2016-1524

EPSS 67.6%
Veröffentlicht 13.02.2016 02:59:09
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ Prosafe Network Management Software 300 Version <= 1.5.0.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	67.6%	0.985

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.6	2.8	6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C

http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html

http://seclists.org/fulldisclosure/2016/Feb/30

http://www.kb.cert.org/vuls/id/777024

Third Party Advisory

US Government Resource

http://www.securityfocus.com/archive/1/537446/100/0/threaded

https://www.exploit-db.com/exploits/39412/

https://nvd.nist.gov/vuln/detail/CVE-2016-1524

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1524

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1524

EUVD