Symlink Traversal Vulnerability in NETGEAR Wireless Routers
CVE-2013-4657

9.8CRITICAL

Key Information:

Vendor: Netgear
Status: Wnr3500u Firmware
Vendor: CVE Published:; 13 November 2019

Summary

The vulnerability arises from a misconfiguration in the SMB service present in certain NETGEAR wireless routers, specifically the WNR3500U and WNR3500L models. Through this misconfiguration, attackers can exploit symbolic links to gain unauthorized access to restricted files on the device, potentially leading to data exposure and further exploitation. This highlights significant security risks associated with improperly secured SMB configurations in consumer-grade networking equipment.

References

https://www.ise.io/soho_service_hacks/

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2019
Vulnerability Reserved
Jun 24, 2013