CVE-2016-1525
HIGHNETGEAR Management System NMS300 <1.5.0.11 - Path Traversal
Title source: llmDescription
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/39515
exploitdb
WORKING POC
by Pedro Ribeiro · textwebappshardware
https://www.exploit-db.com/exploits/39412
metasploit
WORKING POC
EXCELLENT
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/netgear_nms_rce.rb
References (8)
Scores
CVSS v3
8.6
EPSS
0.8271
EPSS Percentile
99.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
netgear/prosafe_network_management_software_300
1.5.0.11
Published
Feb 13, 2016
Tracked Since
Feb 18, 2026