NETGEAR.NMS300.fileUpload.do.Arbitrary.File.Upload
Description
This indicates an attack attempt against a Code Execution vulnerability in Netgear's NMS300.
The vulnerability is caused by insufficient sanitizing of files uploaded to "fileUpload.do". It allows a remote attacker to gain control of vulnerable systems via a crafted http request.
Affected Products
NMS300 1.5.0.11
NMS300 1.5.0.2
NMS300 1.4.0.17
NMS300 1.1.0.13
Impact
System Compromise: Remote attacker can gain control of vulnerable systems.
Recommended Actions
Currently we are unaware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-07 | 14.628 | Severity:high:critical |