N/A

This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ConfigFileController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-12125.

N/A

对路径名的限制不恰当(路径遍历)

NETGEAR ProSAFE Network Management System 路径遍历漏洞

Netgear NETGEAR是美国网件（Netgear）公司的一款路由器。连接两个或多个网络的硬件设备，在网络间起网关的作用。 NETGEAR ProSAFE Network Management System 存在路径遍历漏洞，该漏洞允许远程攻击者在受影响的系统上披露敏感信息和删除任意文件。

N/A

N/A