This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MibController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12122.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: zdi
Published: 2021-03-29T20:55:25
Updated: 2024-08-03T20:48:15.935Z
Reserved: 2021-02-16T00:00:00
Link: CVE-2021-27276
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-03-29T21:15:13.437
Modified: 2021-03-30T18:50:27.700
Link: CVE-2021-27276
Redhat
No data.