CVE-2010-2307

Name of the Vulnerable Software and Affected Versions Motorola SURFBoard cable modem SBV6120E version SBV6X2X-1.0.0.5-SCM-02-SHPC

Description The issue allows remote attackers to read arbitrary files via directory traversal vulnerabilities in the web server. This can be achieved by using (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.

Recommendations For Motorola SURFBoard cable modem SBV6120E version SBV6X2X-1.0.0.5-SCM-02-SHPC, consider restricting access to the web server until a patch is available. As a temporary workaround, avoid using the vulnerable web server functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.