Directory Traversal Vulnerability in Netgear DG632 Router
CVE-2009-2258

Currently unrated

Key Information:

Vendor: Netgear
Status: Dg632 Firmware; Dg632
Vendor: CVE Published:; 30 June 2009

Summary

The vulnerability in the administrative web interface of the Netgear DG632 router allows remote attackers to exploit directory traversal techniques through the manipulation of the 'nextpage' parameter. By utilizing a '../' sequence, an attacker can potentially gain unauthorized access to sensitive directories and files on the device, which can lead to further exploitation of the router's configuration and data. This highlights the necessity for secure coding practices in web interfaces to prevent unauthorized access.

References

http://www.tomneaves.co.uk/Netgear_DG632_Authentication_B...

x_refsource_MISC

http://www.securityfocus.com/archive/1/504312/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.exploit-db.com/exploits/8963

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability published
Jun 30, 2009
Vulnerability Reserved
Jun 29, 2009