Intrusion Prevention

NETGEAR.NMS300.image.do.Directory.Traversal

Description

This indicates an attack attempt to exploit a Directory Traversal vulnerability in Netgear's NMS300.
The vulnerability is caused by insufficient sanitizing of the "realName" parameter that is passed to "image.do". A remote attacker can exploit this to gain unauthorized access to sensitive information.

Affected Products

NMS300 1.5.0.11
NMS300 1.5.0.2
NMS300 1.4.0.17
NMS300 1.1.0.13

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

CVE References

CVE-2016-1525