March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – CVE-2021-26919 – Apache Druid code execution
March 30, 2021
Rewterz Threat Alert – LokiBot Malware – IOCs
March 30, 2021
Rewterz Threat Advisory – CVE-2021-26919 – Apache Druid code execution
March 30, 2021
Rewterz Threat Alert – LokiBot Malware – IOCs
March 30, 2021
Severity
High
Analysis Summary
CVE-2021-27275
Netgear ProSAFE could allow a remote authenticated attacker to traverse directories on the system caused by a specific flaw that exists within the ConfigFileController class. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) in the realName parameter to view arbitrary files on the system and cause a denial of service.
CVE-2021-27276
Netgear ProSAFE is vulnerable to a denial of service, caused by directory traversal vulnerability within the ReportTemplateController class. By persuading a victim to open a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
Impact
Denial of service
Affected Vendors
NETGEAR
Afffected Products
NetGear ProSAFE
Remediation
Refer to NetGear Security advisory for patch, upgrade or suggested workaround information.