Описание
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.
Ссылки
- Vendor Advisory
- Broken Link
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Broken Link
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.4.102 (исключая)
Одновременно
cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 1.0.4.102 (исключая)
Одновременно
cpe:2.3:o:netgear:rax38_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax38:-:*:*:*:*:*:*:*
Конфигурация 3Версия до 1.0.4.102 (исключая)
Одновременно
cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01438
Низкий
7.1 High
CVSS3
3.6 Low
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
около 4 лет назад
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.
EPSS
Процентиль: 80%
0.01438
Низкий
7.1 High
CVSS3
3.6 Low
CVSS2
Дефекты
CWE-22