Intrusion PreventionNETGEAR.ProSAFE.NMS300.FileUploadUtils.Path.Traversal
Description
This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Netgear ProSAFE NMS300.
The vulnerability is due to improper validation of the user-supplied path in the FileUploadUtils class. A remote authenticated attacker could exploit the vulnerability by sending crafted HTTP requests to the target server. Successful exploitation would result in arbitrary file write and, in the worst case, remote code execution under the security context of SYSTEM.
Affected Products
Netgear ProSAFE NMS300 1.6.0.26 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://kb.netgear.com/000062559/NMS300-Software-Release-1-6-0-27
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-07-25 | 28.833 |
Modified
|
Name:NETGEAR. ProSAFE. NMS300. FileUploadUtils. Directory. Traversal:NETGEAR. ProSAFE. NMS300. FileUploadUtils. Path. Traversal |
| 2023-08-10 | 25.619 |
Modified
|
Name:Netgear. ProSAFE. NMS300. FileUploadUtils. Directory. Traversal:NETGEAR. ProSAFE. NMS300. FileUploadUtils. Directory. Traversal |
| 2021-06-22 | 18.102 |
Modified
|
Default_action:pass:drop |
| 2021-06-10 | 18.096 |
New
|
| ID | 50447 |
| Created | Jun 02, 2021 |
| Updated | Jul 23, 2024 |
| Risk |
|
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |
| Profile Type | Path Traversal |