Описание
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:netgear:prosafe_network_management_software_300:1.5.0.11:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.83584
Высокий
8.6 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 8.6
github
больше 3 лет назад
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
EPSS
Процентиль: 99%
0.83584
Высокий
8.6 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-22