Vulnerability Description
Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Fvs336Gv3 Firmware | <= 4.3-3.6 |
| Netgear | Fvs336Gv3 | - |
| Netgear | Srx5308 Firmware | <= 4.3-3.6 |
| Netgear | Srx5308 | - |
| Netgear | Fvs318Gv2 Firmware | <= 4.3-3.6 |
| Netgear | Fvs318Gv2 | - |
| Netgear | Fvs318N Firmware | <= 4.3-3.6 |
| Netgear | Fvs318N | - |
Related Weaknesses (CWE)
References
- http://kb.netgear.com/30739/Path-Traversal-Attack-Security-VulnerabilityPatchVendor Advisory
- http://www.securityfocus.com/bid/95204
- http://www.securitytracker.com/id/1037548
- https://twitter.com/mantislesin/status/816618162770821120
- http://kb.netgear.com/30739/Path-Traversal-Attack-Security-VulnerabilityPatchVendor Advisory
- http://www.securityfocus.com/bid/95204
- http://www.securitytracker.com/id/1037548
- https://twitter.com/mantislesin/status/816618162770821120
FAQ
What is CVE-2016-10106?
CVE-2016-10106 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrar...
How severe is CVE-2016-10106?
CVE-2016-10106 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10106?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Fvs336Gv3 Firmware, Netgear Fvs336Gv3, Netgear Srx5308 Firmware, Netgear Srx5308, Netgear Fvs318Gv2 Firmware.