Two highly serious Netgear NMS300 ProSafe security vulnerabilities have been discovered that could be exploited by hackers to gain control of servers running the software and/or to download any file from those servers.
The Netgear NMS300 ProSafe network management system is used by many companies to configure and monitor their network devices. Netgear NMS300 ProSafe is popular with small to medium-sized businesses as the software is free to use on fewer than 200 devices.
Recently, Agile Information Security researcher Pedro Ribeiro discovered two critical Netgear NMS300 ProSafe security vulnerabilities.
Netgear NMS300 ProSafe Security Vulnerabilities
One of the vulnerabilities (CVE-2016-1525) allows remote code execution by an unauthenticated user via the Netgear NMS300 web interface. A hacker exploiting this security flaw would be able to upload and run Java files with full system privileges, potentially gaining full control of the server on which the software is being run.
The NMS300 system is used to manage a wide range of networked devices such as routers, switches, network-storage devices, wireless access points and firewalls. Not only could this vulnerability allow the configuration of these devices to be changed, it would also permit an attacker to install firmware updates on those devices.
The second vulnerability (CVE-2016-1524) discovered by Ribeiro is an arbitrary file download that would permit an authenticated user to download any file stored on the server that is being used to run NMS300.
These Netgear NMS300 ProSafe security vulnerabilities are particularly serious, and at the present time there is no patch available to plug the security flaws. Users can improve protection and prevent the Netgear NMS300 ProSafe security vulnerabilities from being exploited by adding new firewall rules that restrict access to the web interface. Ribeiro recommends never exposing Netgear NMS300 to the Internet or untrusted networks.
Both vulnerabilities affect Netgear NMS300 versions 1.5.0.11, 1.5.0.2, 1.4.0.17 and 1.1.0.13.