Lucene search

MitreCVE-2016-10106

HistoryJan 03, 2017 - 6:59 a.m.

CVE-2016-10106

2017-01-0306:59:00

CWE-22

mitre

web.nvd.nist.gov

cve-2016-10106

directory traversal

netgear

fvs336gv3

fvs318n

fvs318gv2

srx5308

firmware

security vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

60.1%

JSON

Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a … (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file.

Affected configurations

Nvd

Node

netgearfvs336gv3_firmwareRange≤4.3-3.6

AND

netgearfvs336gv3Match-

Node

netgearsrx5308_firmwareRange≤4.3-3.6

AND

netgearsrx5308Match-

Node

netgearfvs318gv2_firmwareRange≤4.3-3.6

AND

netgearfvs318gv2Match-

Node

netgearfvs318n_firmwareRange≤4.3-3.6

AND

netgearfvs318nMatch-

VendorProductVersionCPE
netgearfvs336gv3_firmware*cpe:2.3:o:netgear:fvs336gv3_firmware:*:*:*:*:*:*:*:*
netgearfvs336gv3-cpe:2.3:h:netgear:fvs336gv3:-:*:*:*:*:*:*:*
netgearsrx5308_firmware*cpe:2.3:o:netgear:srx5308_firmware:*:*:*:*:*:*:*:*
netgearsrx5308-cpe:2.3:h:netgear:srx5308:-:*:*:*:*:*:*:*
netgearfvs318gv2_firmware*cpe:2.3:o:netgear:fvs318gv2_firmware:*:*:*:*:*:*:*:*
netgearfvs318gv2-cpe:2.3:h:netgear:fvs318gv2:-:*:*:*:*:*:*:*
netgearfvs318n_firmware*cpe:2.3:o:netgear:fvs318n_firmware:*:*:*:*:*:*:*:*
netgearfvs318n-cpe:2.3:h:netgear:fvs318n:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	fvs336gv3_firmware	*	cpe:2.3:o:netgear:fvs336gv3_firmware::::::::
netgear	fvs336gv3	-	cpe:2.3:h:netgear:fvs336gv3:-:::::::*
netgear	srx5308_firmware	*	cpe:2.3:o:netgear:srx5308_firmware::::::::
netgear	srx5308	-	cpe:2.3:h:netgear:srx5308:-:::::::*
netgear	fvs318gv2_firmware	*	cpe:2.3:o:netgear:fvs318gv2_firmware::::::::
netgear	fvs318gv2	-	cpe:2.3:h:netgear:fvs318gv2:-:::::::*
netgear	fvs318n_firmware	*	cpe:2.3:o:netgear:fvs318n_firmware::::::::
netgear	fvs318n	-	cpe:2.3:h:netgear:fvs318n:-:::::::*

References

kb.netgear.com/30739/Path-Traversal-Attack-Security-Vulnerability

www.securityfocus.com/bid/95204

www.securitytracker.com/id/1037548

twitter.com/mantislesin/status/816618162770821120

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

60.1%

JSON

Related for CVE-2016-10106