Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for prosafe_network_management_software_300 by netgear

    CVE-2024-5246 (GCVE-0-2024-5246)

    Vulnerability from nvd – Published: 2024-05-23 22:07 – Updated: 2024-08-01 21:03
    VLAI
    Title
    NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability
    Summary
    NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    NETGEAR ProSAFE Network Management System Affected: 1.7.0.34 x64
    Create a notification for this product.
    netgear prosafe_network_management_system Affected: 1.7.0.34 x64
        cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-22 23:32
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "prosafe_network_management_system",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.7.0.34 x64"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T19:21:20.249999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:38.927Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:11.154Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-497",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-497/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ProSAFE Network Management System",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.0.34 x64"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-22T21:06:59.239Z",
          "datePublic": "2024-05-22T23:32:36.807Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T22:07:15.475Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-497",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-497/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004"
            }
          ],
          "source": {
            "lang": "en",
            "value": "191bb9f9c7b3a89d5a586e15299e24417a4aca4d"
          },
          "title": "NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5246",
        "datePublished": "2024-05-23T22:07:15.475Z",
        "dateReserved": "2024-05-22T21:06:59.213Z",
        "dateUpdated": "2024-08-01T21:03:11.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1525 (GCVE-0-2016-1525)

    Vulnerability from nvd – Published: 2016-02-13 02:00 – Updated: 2024-08-05 23:02
    VLAI
    Summary
    Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:11.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rapid7.com/db/modules/exploit/windows/http/netgear_nms_rce"
              },
              {
                "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/537446/100/0/threaded"
              },
              {
                "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Feb/30"
              },
              {
                "name": "39515",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39515/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135999/NETGEAR-ProSafe-Network-Management-System-300-Arbitrary-File-Upload.html"
              },
              {
                "name": "39412",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39412/"
              },
              {
                "name": "VU#777024",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/777024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rapid7.com/db/modules/exploit/windows/http/netgear_nms_rce"
            },
            {
              "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/537446/100/0/threaded"
            },
            {
              "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Feb/30"
            },
            {
              "name": "39515",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39515/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/135999/NETGEAR-ProSafe-Network-Management-System-300-Arbitrary-File-Upload.html"
            },
            {
              "name": "39412",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39412/"
            },
            {
              "name": "VU#777024",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/777024"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-1525",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.rapid7.com/db/modules/exploit/windows/http/netgear_nms_rce",
                  "refsource": "MISC",
                  "url": "http://www.rapid7.com/db/modules/exploit/windows/http/netgear_nms_rce"
                },
                {
                  "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/537446/100/0/threaded"
                },
                {
                  "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2016/Feb/30"
                },
                {
                  "name": "39515",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/39515/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/135999/NETGEAR-ProSafe-Network-Management-System-300-Arbitrary-File-Upload.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/135999/NETGEAR-ProSafe-Network-Management-System-300-Arbitrary-File-Upload.html"
                },
                {
                  "name": "39412",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/39412/"
                },
                {
                  "name": "VU#777024",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/777024"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-1525",
        "datePublished": "2016-02-13T02:00:00.000Z",
        "dateReserved": "2016-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:02:11.970Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1524 (GCVE-0-2016-1524)

    Vulnerability from nvd – Published: 2016-02-13 02:00 – Updated: 2024-08-05 23:02
    VLAI
    Summary
    Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/537446/100… mailing-listx_refsource_BUGTRAQ
    http://seclists.org/fulldisclosure/2016/Feb/30 mailing-listx_refsource_FULLDISC
    http://packetstormsecurity.com/files/135618/Netge… x_refsource_MISC
    https://www.exploit-db.com/exploits/39412/ exploitx_refsource_EXPLOIT-DB
    http://www.kb.cert.org/vuls/id/777024 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2016-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:11.942Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/537446/100/0/threaded"
              },
              {
                "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Feb/30"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html"
              },
              {
                "name": "39412",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39412/"
              },
              {
                "name": "VU#777024",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/777024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/537446/100/0/threaded"
            },
            {
              "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Feb/30"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html"
            },
            {
              "name": "39412",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39412/"
            },
            {
              "name": "VU#777024",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/777024"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-1524",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/537446/100/0/threaded"
                },
                {
                  "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2016/Feb/30"
                },
                {
                  "name": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html"
                },
                {
                  "name": "39412",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/39412/"
                },
                {
                  "name": "VU#777024",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/777024"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-1524",
        "datePublished": "2016-02-13T02:00:00.000Z",
        "dateReserved": "2016-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:02:11.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5246 (GCVE-0-2024-5246)

    Vulnerability from cvelistv5 – Published: 2024-05-23 22:07 – Updated: 2024-08-01 21:03
    VLAI
    Title
    NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability
    Summary
    NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    NETGEAR ProSAFE Network Management System Affected: 1.7.0.34 x64
    Create a notification for this product.
    netgear prosafe_network_management_system Affected: 1.7.0.34 x64
        cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-22 23:32
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "prosafe_network_management_system",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.7.0.34 x64"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T19:21:20.249999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:38.927Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:11.154Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-497",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-497/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ProSAFE Network Management System",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.0.34 x64"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-22T21:06:59.239Z",
          "datePublic": "2024-05-22T23:32:36.807Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T22:07:15.475Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-497",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-497/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004"
            }
          ],
          "source": {
            "lang": "en",
            "value": "191bb9f9c7b3a89d5a586e15299e24417a4aca4d"
          },
          "title": "NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5246",
        "datePublished": "2024-05-23T22:07:15.475Z",
        "dateReserved": "2024-05-22T21:06:59.213Z",
        "dateUpdated": "2024-08-01T21:03:11.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1525 (GCVE-0-2016-1525)

    Vulnerability from cvelistv5 – Published: 2016-02-13 02:00 – Updated: 2024-08-05 23:02
    VLAI
    Summary
    Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:11.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rapid7.com/db/modules/exploit/windows/http/netgear_nms_rce"
              },
              {
                "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/537446/100/0/threaded"
              },
              {
                "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Feb/30"
              },
              {
                "name": "39515",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39515/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135999/NETGEAR-ProSafe-Network-Management-System-300-Arbitrary-File-Upload.html"
              },
              {
                "name": "39412",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39412/"
              },
              {
                "name": "VU#777024",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/777024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rapid7.com/db/modules/exploit/windows/http/netgear_nms_rce"
            },
            {
              "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/537446/100/0/threaded"
            },
            {
              "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Feb/30"
            },
            {
              "name": "39515",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39515/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/135999/NETGEAR-ProSafe-Network-Management-System-300-Arbitrary-File-Upload.html"
            },
            {
              "name": "39412",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39412/"
            },
            {
              "name": "VU#777024",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/777024"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-1525",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.rapid7.com/db/modules/exploit/windows/http/netgear_nms_rce",
                  "refsource": "MISC",
                  "url": "http://www.rapid7.com/db/modules/exploit/windows/http/netgear_nms_rce"
                },
                {
                  "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/537446/100/0/threaded"
                },
                {
                  "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2016/Feb/30"
                },
                {
                  "name": "39515",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/39515/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/135999/NETGEAR-ProSafe-Network-Management-System-300-Arbitrary-File-Upload.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/135999/NETGEAR-ProSafe-Network-Management-System-300-Arbitrary-File-Upload.html"
                },
                {
                  "name": "39412",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/39412/"
                },
                {
                  "name": "VU#777024",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/777024"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-1525",
        "datePublished": "2016-02-13T02:00:00.000Z",
        "dateReserved": "2016-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:02:11.970Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1524 (GCVE-0-2016-1524)

    Vulnerability from cvelistv5 – Published: 2016-02-13 02:00 – Updated: 2024-08-05 23:02
    VLAI
    Summary
    Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/537446/100… mailing-listx_refsource_BUGTRAQ
    http://seclists.org/fulldisclosure/2016/Feb/30 mailing-listx_refsource_FULLDISC
    http://packetstormsecurity.com/files/135618/Netge… x_refsource_MISC
    https://www.exploit-db.com/exploits/39412/ exploitx_refsource_EXPLOIT-DB
    http://www.kb.cert.org/vuls/id/777024 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2016-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:11.942Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/537446/100/0/threaded"
              },
              {
                "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Feb/30"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html"
              },
              {
                "name": "39412",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39412/"
              },
              {
                "name": "VU#777024",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/777024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/537446/100/0/threaded"
            },
            {
              "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Feb/30"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html"
            },
            {
              "name": "39412",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39412/"
            },
            {
              "name": "VU#777024",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/777024"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-1524",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/537446/100/0/threaded"
                },
                {
                  "name": "20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2016/Feb/30"
                },
                {
                  "name": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html"
                },
                {
                  "name": "39412",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/39412/"
                },
                {
                  "name": "VU#777024",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/777024"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-1524",
        "datePublished": "2016-02-13T02:00:00.000Z",
        "dateReserved": "2016-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:02:11.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }