CVE-2021-27272

Name of the Vulnerable Software and Affected Versions NETGEAR ProSAFE Network Management System version 1.6.0.26

Description This issue allows remote attackers to delete arbitrary files on affected installations, potentially creating a denial-of-service condition. Although authentication is required, the existing mechanism can be bypassed. The flaw exists within the ReportTemplateController class, where the path parameter is not properly validated before use in file operations.

Recommendations For NETGEAR ProSAFE Network Management System version 1.6.0.26, consider disabling the ReportTemplateController class until a patch is available to prevent potential exploitation. Restrict access to file operations to minimize the risk of denial-of-service conditions. Avoid using user-supplied paths in file operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.