Rewterz Threat Advisory – CVE-2021-27274 – Netgear ProSAFE Network Management System Arbitrary File Upload

Rewterz Threat Alert – Lazarus APT Group – Active IOCs

June 28, 2021

Rewterz Threat Advisory – CVE-2021-1073 – NVIDIA GeForce Experience Vulnerability

June 28, 2021

Rewterz Threat Advisory – CVE-2021-27274 – Netgear ProSAFE Network Management System Arbitrary File Upload

Severity

High

Analysis Summary

CVE-2021-27274

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.

Impact

Code Execution
Privilege Escalation
Unauthorized Access

Affected Vendors

NETGEAR

Affected Products

ProSAFE NMS300

Remediation

Update your Security Gateway product to the latest IPS update.
https://www.checkpoint.com/defense/advisories/public/2006/sbp-31-Jul.html

Rewterz Annual Threat Intelligence Report 2025 - Download Now

Rewterz Threat Alert – Lazarus APT Group – Active IOCs

Rewterz Threat Advisory – CVE-2021-1073 – NVIDIA GeForce Experience Vulnerability

Rewterz Threat Advisory – CVE-2021-27274 – Netgear ProSAFE Network Management System Arbitrary File Upload

Severity

Analysis Summary

CVE-2021-27274

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan