Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file upload vulnerability that can be exploited by an unauthenticated remote attacker to execute code as the SYSTEM user. Two servlets are vulnerable, FileUploadController (located at /lib-1.0/external/flash/fileUpload.do) and FileUpload2Controller (located at /fileUpload.do). This Metasploit module exploits the latter, and has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13.
21b61eacb45384fca46646a93d57a232dc9d4a63ea542dc6fb29807e1a4dc643
Netgear Pro NMS 300 suffers from code execution and arbitrary file download vulnerabilities.
bd8afe526581d0c940240674b8f3e8ad40ed6f11a99c8f7c416c4282267549ff