Critical flaws have been found in Netgear's NMS300 network management system that could lead to remote code execution with system privileges and arbitrary file download.
Joint security research by Pedro Ribeiro, a researcher at U.K.-based security consultancy Agile Information Security, and CERT Committee identified the vulnerabilities in the web interface
of the router. They could allow attackers to upload and execute arbitrary Java files remotely (CVE-2016-1524) and to download any file from the server (CVE-2016-1525).
The latest NMS300 software, version 220.127.116.11, is affected, and there are currently no patches available from Netgear. As no patches are available, you can review and strengthen your firewall rules and monitor network-based services or protocols.