Netgear Prosafe Network Management System vulnerabilities

25 known vulnerabilities affecting netgear/prosafe_network_management_system.

Total CVEs: 25
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 21

Vulnerabilities

Page 2 of 2
CVE-2021-27274 | CRITICAL | CVSS 9.8 | v1.6.0.26 | 2021-03-29
CVE-2021-27274 [CRITICAL] CWE-434: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied
Sources: cvelistv5, nvd
CVE-2021-27275 | HIGH | CVSS 8.3 | v1.6.0.26 | 2021-03-29
CVE-2021-27275 [HIGH] CWE-22: This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ConfigFileC
Sources: cvelistv5, nvd
CVE-2021-27276 | HIGH | CVSS 7.1 | v1.6.0.26 | 2021-03-29
CVE-2021-27276 [HIGH] CWE-22: This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MibController class. When parsing the realName
Sources: cvelistv5, nvd
CVE-2021-27273 | HIGH | CVSS 8.8 | v1.6.0.26 | 2021-03-29
CVE-2021-27273 [HIGH] CWE-78: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. When parsing th
Sources: cvelistv5, nvd
CVE-2021-27272 | HIGH | CVSS 7.1 | v1.6.0.26 | 2021-03-29
CVE-2021-27272 [HIGH] CWE-22: This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ReportTemplateController class. When parsing t
Sources: cvelistv5, nvd