CVE-2016-1524

critical

Description

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.

References

https://www.exploit-db.com/exploits/39412/

http://www.securityfocus.com/archive/1/537446/100/0/threaded

http://www.kb.cert.org/vuls/id/777024

http://seclists.org/fulldisclosure/2016/Feb/30

http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html

Details

Source: Mitre, NVD

Published: 2016-02-13

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.6

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.94104