Directory Traversal Vulnerability on Cisco DDR2200 and DDR2201 Residential Gateways
CVE-2017-11587

7.5HIGH

Key Information:

Vendor: Cisco
Status: Residential Gateway Firmware
Vendor: CVE Published:; 24 July 2017

Summary

A directory traversal vulnerability exists in Cisco DDR2200 and DDR2201 ADSL2+ Residential Gateways. This issue arises from improper validation of filenames within the /download.conf URI. An attacker can exploit this vulnerability to access arbitrary files on the affected device, potentially leading to unauthorized information disclosure. Users of affected versions should implement necessary security measures to mitigate the risk.

References

http://www.securityfocus.com/bid/100484

vdb-entryx_refsource_BID

http://seclists.org/fulldisclosure/2017/Jul/26

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2017
Vulnerability Reserved
Jul 23, 2017