1. Home
  2. CVE Database
  3. CVE-2016-1525
HIGH · 8.6

CVE-2016-1525

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the r...

Vulnerability Description

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.

CVSS Score

8.6

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
NetgearProsafe Network Management Software 3001.5.0.11

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2016-1525?

CVE-2016-1525 is a vulnerability with a CVSS score of 8.6 (HIGH). Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the r...

How severe is CVE-2016-1525?

CVE-2016-1525 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-1525?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Prosafe Network Management Software 300.