Podatność CVE-2016-1525

Podatność CVE-2016-1525

Publikacja: 2016-02-12 Modyfikacja: 2016-02-13

Opis:

	Tytuł	Autor	Data
High	Netgear Pro NMS 300 Code Execution / File Download	Pedro Ribeiro	07.02.2016
High	NETGEAR ProSafe Network Management System 300 Arbitrary File Upload	Pedro Ribeiro	01.03.2016

Typ:

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Ogólna skala CVSS	Znaczenie	Łatwość wykorzystania
7.8/10	6.9/10	10/10

Affected software
Netgear -> Prosafe netgear management system 300
Netgear -> Prosafe network management software 300

http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html

http://packetstormsecurity.com/files/135999/NETGEAR-ProSafe-Network-Management-System-300-Arbitrary-File-Upload.html

http://seclists.org/fulldisclosure/2016/Feb/30

http://www.kb.cert.org/vuls/id/777024

http://www.rapid7.com/db/modules/exploit/windows/http/netgear_nms_rce

http://www.securityfocus.com/archive/1/537446/100/0/threaded

https://www.exploit-db.com/exploits/39412/

https://www.exploit-db.com/exploits/39515/