CVE-2016-1525

8.6 HIGH

Published: February 13, 2016 Modified: May 06, 2026

Description

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html

Source: cret@cert.org

http://packetstormsecurity.com/files/135999/NETGEAR-ProSafe-Network-Management-System-300-Arbitrary-File-Upload.html

Source: cret@cert.org

http://seclists.org/fulldisclosure/2016/Feb/30

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/777024

Source: cret@cert.org

Third Party Advisory US Government Resource

http://www.rapid7.com/db/modules/exploit/windows/http/netgear_nms_rce

Source: cret@cert.org

http://www.securityfocus.com/archive/1/537446/100/0/threaded

Source: cret@cert.org

https://www.exploit-db.com/exploits/39412/

Source: cret@cert.org

https://www.exploit-db.com/exploits/39515/

Source: cret@cert.org

http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html