File Deletion Vulnerability in NETGEAR ProSAFE Network Management System
CVE-2021-27276

7.1HIGH

Key Information:

Vendor: Netgear
Status: Prosafe Network Management System
Vendor: CVE Published:; 29 March 2021

Summary

This vulnerability in the NETGEAR ProSAFE Network Management System 1.6.0.26 enables remote attackers to delete arbitrary files due to improper validation of user-supplied paths in the MibController class. Although exploitation requires authentication, the flaw's bypassable authentication mechanism poses significant risks, potentially leading to denial-of-service conditions.

Affected Version(s)

ProSAFE Network Management System 1.6.0.26

References

https://kb.netgear.com/000062722/Security-Advisory-for-De...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-359/

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2021
Vulnerability Reserved
Feb 16, 2021

Credit

rgod