Directory Traversal Vulnerability in FiberHome HG2201T Devices
CVE-2019-17187

7.5HIGH

Key Information:

Vendor: Fiberhome
Status: Hg2201t Firmware
Vendor: CVE Published:; 8 October 2019

What is CVE-2019-17187?

The FiberHome HG2201T 1.00.M5007_JS_201804 devices are susceptible to a directory traversal vulnerability that allows an attacker to read arbitrary files on the system. This weakness is exploited through the /var/WEB-GUI/cgi-bin/downloadfile.cgi endpoint, enabling unauthorized pre-authentication access to sensitive data.

References

https://gist.github.com/ztz472947849/d62e7b6f4831b55c338e...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2019
Vulnerability Reserved
Oct 4, 2019

Fiberhome

What is CVE-2019-17187?

References

CVSS V3.1

Timeline