CVE-2016-1524

EPSS 67.6%
Published 13.02.2016 02:59:09
Last modified 12.04.2025 10:46:40
Source cret@cert.org
Teams watchlist Login
Open Login

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.

Affected products Warnungen 0 Metrics 3 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Prosafe Network Management Software 300 Version <= 1.5.0.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	67.6%	0.985

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.6	2.8	6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C

http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html

http://seclists.org/fulldisclosure/2016/Feb/30

http://www.kb.cert.org/vuls/id/777024

Third Party Advisory

US Government Resource

http://www.securityfocus.com/archive/1/537446/100/0/threaded

https://www.exploit-db.com/exploits/39412/

https://nvd.nist.gov/vuln/detail/CVE-2016-1524

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1524

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1524

EUVD