PT-2009-4697 · NetGear · Netgear Dg632

Tom Neaves · Published 2009-06-30 · Updated 2018-10-10 · CVE-2009-2258

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Netgear DG632 version 3.4.0 ap

Description: The issue allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter in the cgi-bin/webcm administrative web interface.

Recommendations: For Netgear DG632 version 3.4.0 ap, consider restricting access to the cgi-bin/webcm administrative web interface until a fix is available, and avoid using the nextpage parameter with untrusted input.

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2009-2258

Affected Products

Netgear Dg632