PT-2025-31697 · NetGear · Netgear Sph200D
Published
2025-08-01
·
Updated
2025-08-01
·
CVE-2013-10063
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Netgear SPH200D versions 1.0.4.80 and earlier
Description
A path traversal vulnerability exists in the embedded web server of the affected product. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data.
Recommendations
Update to a firmware version later than 1.0.4.80.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Sph200D