Information Disclosure and File Deletion Vulnerability in NETGEAR ProSAFE Network Management System
CVE-2021-27275

8.3 HIGH

Key Information:

Vendor: Netgear
CVE Published: 29 March 2021

Summary

This vulnerability in the NETGEAR ProSAFE Network Management System allows remote attackers to disclose sensitive information and delete arbitrary files. Although the attack requires authentication, the existing authentication mechanisms can be easily bypassed. The flaw resides in the ConfigFileController class, where the realName parameter is inadequately validated before it is used in file operations. As a result, attackers may exploit this condition to gain unauthorized access to sensitive information or to cause a denial-of-service condition on the affected system. For further details, refer to the NETGEAR security advisory and the Zero Day Initiative's report.

Affected Version(s)

ProSAFE Network Management System 1.6.0.26

References

CVSS V3.1

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rgod