cvedb.io
CVE-2016-1524
CRITICAL · CVSS 9.6
EPSS exploitation probability: 0%
Published 2016-02-13T02:59:09.900 · Last modified 2026-06-17T00:42:07.287

Summary

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.

Affected products

netgear — prosafe_network_management_software_300

Does this affect you?

Add your gear to cvedb and we'll alert you only when netgear ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.