Vulnerabilities for 'Prosafe network management system'

2021-03-29
 
CVE-2021-27276

CWE-22
 

 
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MibController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12122.

 
 
CVE-2021-27275

CWE-22
 

 
This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ConfigFileController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-12125.

 
 
CVE-2021-27274

CWE-434
 

 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124.

 
 
CVE-2021-27273

CWE-78
 

 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. When parsing the fileName parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12121.

 
 
CVE-2021-27272

CWE-22
 

 
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ReportTemplateController class. When parsing the path parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12123.

 



Copyright 2021, cxsecurity.com

 
