Severity
High
Analysis Summary
CVE-2021-27275
Netgear ProSAFE could allow a remote authenticated attacker to traverse directories on the system because of a flaw in the ConfigFileController class. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) in the realName parameter to view arbitrary files on the system and cause a denial of service.
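To hunt for this pattern in web access logs, the following detection sketch flags requests whose realName parameter contains a ".." path segment, including percent-encoded and double-encoded forms. It is an added example, not code from NETGEAR or Rewterz; only the realName parameter name comes from this advisory, while the log format, endpoint path and sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment (split on / or \\) of the decoded value is '..'."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def suspicious_requests(log_lines, param="realName"):
    """Return (line_number, value) for requests whose `param` walks upward."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl decodes one layer; has_traversal peels off any further layers.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == param and has_traversal(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines; "/example/endpoint" is a placeholder path.
SAMPLE_LOG = [
    '192.0.2.10 - admin [30/Mar/2021:10:00:01 +0000] "GET /example/endpoint?realName=backup.cfg HTTP/1.1" 200 512',
    '192.0.2.44 - user1 [30/Mar/2021:10:00:07 +0000] "GET /example/endpoint?realName=../../other/file.txt HTTP/1.1" 200 311',
    '192.0.2.44 - user1 [30/Mar/2021:10:00:09 +0000] "GET /example/endpoint?realName=%252e%252e%252fconf%252fapp.properties HTTP/1.1" 200 98',
    '192.0.2.44 - user1 [30/Mar/2021:10:00:12 +0000] "GET /example/endpoint?realName=..%5C..%5Cother%5Cfile.txt HTTP/1.1" 500 0',
    '192.0.2.10 - admin [30/Mar/2021:10:01:30 +0000] "GET /example/endpoint?realName=report..v2.cfg HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: suspicious realName value {value!r}")
```

Matching on whole path segments rather than the substring ".." keeps legitimate file names such as report..v2.cfg from raising alerts.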
CVE-2021-27276
Netgear ProSAFE is vulnerable to a denial of service caused by a directory traversal vulnerability within the ReportTemplateController class. By persuading a victim to open a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
Impact
Denial of service
Affected Vendors
NETGEAR
Affected Products
NetGear ProSAFE
Remediation
Refer to the NETGEAR security advisory for patch, upgrade, or suggested workaround information.