漏洞标题
NETGEAR ProSAFE网络管理系统UpLoadServlet无限制文件上传远程代码执行漏洞
漏洞描述信息
NETGEAR ProSAFE网络管理系统UpLoadServlet无限制文件上传远程代码执行漏洞。此漏洞允许远程攻击者在影响NETGEAR ProSAFE网络管理系统部署上执行任意代码。利用此漏洞需要进行身份验证。
具体缺陷存在于UpLoadServlet类中。该问题源于对用户提供的数据的不当验证,允许上传任意文件。攻击者可以利用此漏洞在SYSTEM上下文中执行代码。这是ZDI-CAN-22923。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
危险类型文件的不加限制上传
漏洞标题
NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability
漏洞描述信息
NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.
The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22923.
CVSS信息
N/A
漏洞类别
危险类型文件的不加限制上传
漏洞标题
NETGEAR ProSAFE Network Management System 安全漏洞
漏洞描述信息
NETGEAR ProSAFE Network Management System是美国网件(NETGEAR)公司的一套网络管理解决方案。 NETGEAR ProSAFE Network Management System 存在安全漏洞,该漏洞源于缺乏对用户提供的数据进行适当验证。
CVSS信息
N/A
漏洞类别
其他