Signature Detail

Security Intelligence Center

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:MISC:NG-ARB-FLUPLOAD
Severity	Major
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload
Release Date	2016/03/29
Update Number	2681
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload

This signature detects an attempt to exploit a known vulnerability against Netgear ProSAFE. Successful exploitation could allow an attacker to upload arbitrary files which could lead to further attacks.

Extended Description

CWE-434: Unrestricted Upload of File with Dangerous Type

Affected Products

Netgear prosafe_network_management_software_300 1.5.0.11

References

BugTraq: 82630
CVE: CVE-2016-1524
URL: http://seclists.org/fulldisclosure/2016/feb/30
URL: https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear_nms_rce.txt
URL: http://seclists.org/fulldisclosure/2016/Feb/30

|

|