CVE Vulnerabilities

CVE-2016-1524

Published: Feb 13, 2016 | Modified: Oct 09, 2018
CVSS 3.x
9.6
CRITICAL
Source:
NVD
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 2.x
8.3 HIGH
AV:A/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.

Affected Software

Name Vendor Start Version End Version
Prosafe_network_management_software_300 Netgear * 1.5.0.11 (including)

References