Information Disclosure and File Deletion Vulnerability in NETGEAR ProSAFE Network Management System
CVE-2021-27275
Key Information:
- Vendor: Netgear
- CVE Published: 29 March 2021
Summary
This vulnerability in the NETGEAR ProSAFE Network Management System allows remote attackers to disclose sensitive information and delete arbitrary files. Although authentication is required to exploit it, the existing authentication mechanisms can be easily bypassed. The flaw resides in the ConfigFileController class, where the realName parameter is inadequately validated before it is used in file operations. An attacker can exploit this to gain unauthorized access to sensitive information or to cause a denial-of-service condition on the affected system. For further details, refer to the NETGEAR security advisory and the Zero Day Initiative's report.
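The kind of validation the summary says is missing can be illustrated with the following Java class, an added example that is not NETGEAR's code and is not taken from either advisory. It assumes that realName is meant to name a file directly inside one configuration directory; the class name ConfigFileGuard, its methods, the choice of Java and the sample names in main are all hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper: confines read and delete operations to one directory.
public class ConfigFileGuard {
    private final Path baseDir;

    public ConfigFileGuard(Path baseDir) throws IOException {
        // Canonicalize once so every later comparison uses the real directory.
        this.baseDir = baseDir.toRealPath();
    }

    // Maps a client-supplied name to a file directly inside baseDir, or throws.
    public Path resolve(String realName) throws IOException {
        if (realName == null || realName.isEmpty() || realName.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file name");
        }
        Path candidate = baseDir.resolve(realName).normalize();
        // After normalization the parent must be exactly baseDir. This rejects
        // parent-directory segments, absolute paths and nested subdirectories.
        if (!baseDir.equals(candidate.getParent())) {
            throw new SecurityException("file name escapes the config directory");
        }
        // An existing entry may be a symbolic link; check where it really points.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(baseDir)) {
            throw new SecurityException("file resolves outside the config directory");
        }
        return candidate;
    }

    public byte[] read(String realName) throws IOException {
        return Files.readAllBytes(resolve(realName));
    }

    public boolean delete(String realName) throws IOException {
        return Files.deleteIfExists(resolve(realName));
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("cfg");  // constructed test directory
        Files.writeString(dir.resolve("switch01.cfg"), "hostname switch01\n");
        ConfigFileGuard guard = new ConfigFileGuard(dir);
        // Constructed sample inputs: one legitimate name, three that must be refused.
        for (String n : new String[] {"switch01.cfg", "../outside.txt", "/etc/hostname", "sub/../../x"}) {
            try { guard.resolve(n); System.out.println("accepted: " + n); }
            catch (SecurityException e) { System.out.println("rejected: " + n + " (" + e.getMessage() + ")"); }
        }
    }
}
```

Both the read and the delete path go through the same resolve check, so neither the disclosure nor the deletion operation can be reached with an unvalidated name.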
Affected Version(s)
ProSAFE Network Management System 1.6.0.26