Home

CVE-2016-1524

Description

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.

Risk Information

Base Score
9.6
MODERATE
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
67.599

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2016-1524 ,CVE-2016-1525 are affected in prosafe_network_management_software_300 1.5.0.11NCM
CVE-2016-1524NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234