347 matches found
CVE-2021-27272
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
CVE-2021-27276
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
CVE-2021-27273
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
CVE-2021-27274
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results fr...
Design/Logic Flaw
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
CVE-2021-27276
CVE-2021-27276 affects NETGEAR ProSAFE Network Management System 1.6.0.26. The vulnerability is a directory traversal issue in the MibController class: during parsing the realName parameter, user-supplied paths are not properly validated before file operations, enabling an attacker to delete arbi...
CVE-2021-27276
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
CVE-2021-27275
CVE-2021-27275 affects NETGEAR ProSAFE Network Management System 1.6.0.26. The flaw resides in ConfigFileController realName handling, where user-supplied paths are not properly validated before file operations, enabling directory traversal. Consequences include disclosure of sensitive informatio...
CVE-2021-27273
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
CVE-2021-27273
CVE-2021-27273 affects NETGEAR ProSAFE Network Management System 1.6.0.26. A flaw in SettingConfigController.fileName handling allows an unauthenticated-by-default? (authentication bypass noted) remote code execution with SYSTEM privileges by abusing an unsafely-validated user-supplied string to ...
CVE-2021-27274
NETGEAR ProSAFE Network Management System 1.6.0.26 is impacted by CVE-2021-27274 due to an unchecked user-supplied path in MFileUploadController, enabling pre-auth remote code execution with SYSTEM privileges. The vulnerability stems from insufficient validation of file paths used in file operati...
CVE-2021-27272
CVE-2021-27272 affects NETGEAR ProSAFE Network Management System 1.6.0.26. A flaw in the ReportTemplateController when parsing a path parameter allows a remote attacker to delete arbitrary files by abusing file operations, even though authentication is required—this authentication can be bypassed...
CVE-2021-27272
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
Netgear ProSAFE Cross-Site Request Forgery (CVE-2020-35223)
A cross-site request forgery vulnerability exists in Netgear ProSAFE. Successful exploitation of this vulnerability can result in the execution of arbitrary code in the effected system...
Netgear ProSAFE Cross-Site Scripting (CVE-2020-35228)
A cross site scripting vulnerability exists in Netgear ProSAFE. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Netgear ProSAFE Remote Code Execution (CVE-2020-26919)
A remote code execution vulnerability exists in Netgear ProSAFE. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Netgear ProSAFE Buffer Overflow (CVE-2020-35227)
A buffer overflow vulnerability exists in Netgear ProSAFE. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Netgear ProSAFE Integer Overflow (CVE-2020-35230)
An integer overflow vulnerability exists in Netgear ProSAFE. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
NETGEAR ProSAFE Network Management System ReportTemplateController Directory Traversal Denial-of-Service Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...