Directory Traversal Vulnerability in NETGEAR Management System NMS300
CVE-2016-1525

8.6HIGH

Key Information:

Vendor

Netgear
Status
Prosafe Network Management Software 300
Vendor
CVE Published:
13 February 2016

What is CVE-2016-1525?

The NETGEAR Management System NMS300 is susceptible to a directory traversal vulnerability that allows remote authenticated users to gain access to arbitrary files. By manipulating the realName parameter with a '..' (dot dot) sequence, attackers can exploit this vulnerability to read sensitive files from the system, posing a significant risk to data integrity and confidentiality.

References

http://www.rapid7.com/db/modules/exploit/windows/http/net...
x_refsource_MISC
http://www.securityfocus.com/archive/1/537446/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2016/Feb/30
mailing-listx_refsource_FULLDISC

EPSS Score

83% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.