CVE-2016-1525

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. dot dot in the realName parameter...

Unrestricted file upload

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using 1 fileUpload.do or 2 lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for ...

Netgear Management System NMS300 Arbitrary File Upload Vulnerability

The Netgear Management System NMS300 is a network management system for diagnosing, controlling and optimizing network devices. A security vulnerability in Netgear Management System NMS300 allows remote attackers to submit a special POST request to upload arbitrary files...

Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities

Overview Netgear Management System NMS300, version 1.5.0.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary...