3 matches found
CVE-2024-5246
CVE-2024-5246 affects NETGEAR ProSAFE Network Management System. The vulnerability is a Tomcat-based remote code execution in the product installer, caused by a vulnerable Apache Tomcat version. An attacker can execute code with SYSTEM privileges, requiring authentication to exploit. Public detai...
CVE-2016-1524
CVE-2016-1524 : NETGEAR ProSafe Network Management System NMS300 (1.5.0.11 and earlier) contains multiple unrestricted file upload vulnerabilities in the fileUpload.do endpoints (and lib-1.0/external/flash/fileUpload.do). A remote attacker can upload a JSP file and access it via a /null URI to tr...
CVE-2016-1525
CVE-2016-1525 affects NETGEAR ProSafe/NMS300 prior to or equal to 1.5.0.11, with a directory traversal flaw in data/config/image.do via the realName parameter that allows a remote authenticated user to read arbitrary files. The underlying issue is improper validation of the dot-dot path, enabling...