A vulnerability affecting Netgear’s NMS300 ProSafe network management system allows attackers to access the directory of servers the system runs on and upload malware.
The NMS300 ProSafe is a management system used by administrators to maintain and configure network devices. Netgear has not yet released a patch for the device.
One of the vulnerabilities (CVE-2016-1524) allows hackers to send a request to servlets and upload malicious files that can then be accessed from the device server’s root directory. The other vulnerability (CVE-2016-1525) allows attackers to change parameters to load malware from the server host.
The bugs were discovered by Pedro Ribeiro, director of research at Agile Information Security.