Researcher finds critical bugs affecting Netgear NMS300 ProSafe

A vulnerability affecting Netgear’s NMS300 ProSafe network management system allows attackers to access the directory of servers the system runs on and upload malware.

The NMS300 ProSafe is a management system used by administrators to maintain and configure network devices. Netgear has not yet released a patch for the device.

One of the vulnerabilities (CVE-2016-1524) allows hackers to send a request to servlets and upload malicious files that can then be accessed from the device server's root directory. The other vulnerability (CVE-2016-1525) allows attackers to change parameters to load malware from the server host.

The bugs were discovered by Pedro Ribeiro, director of research at Agile Information Security, a security consulting firm he founded.

