Netgear ProSAFE could allow a remote authenticated attacker to traverse directories on the system caused by a specific flaw that exists within the ConfigFileController class. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) in the realName parameter to view arbitrary files on the system and cause a denial of service.
Netgear ProSAFE is vulnerable to a denial of service, caused by directory traversal vulnerability within the ReportTemplateController class. By persuading a victim to open a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
Denial of service
Refer to NetGear Security advisory for patch, upgrade or suggested workaround information.