CVE-2016-10106

6.5MEDIUM

Key Information:

Vendor
Netgear
Status
Fvs336gv3 Firmware
Vendor
CVE Published:
3 January 2017

Summary

Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file.

References

http://kb.netgear.com/30739/Path-Traversal-Attack-Securit...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95204
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037548
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.