ID

VAR-200312-0394


CVE

CVE-2003-1427


TITLE

Netgear FM114P Wireless Firewall File Disclosure Vulnerability

Trust: 0.9

sources: BID: 6807 // CNNVD: CNNVD-200312-129

DESCRIPTION

Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter. The Netgear FM114P is a wireless network router that includes a firewall function. Its web configuration interface lacks sufficient filtering of user-submitted requests, so directory traversal using escaped character sequences is possible: an attacker can submit a malicious URL request that breaks out of the /upnp/service directory and gain unauthorized access to router configuration files. An unauthenticated user can retrieve the firewall's configuration file this way. The configuration files contain dial-up passwords, dynamic DNS configuration passwords, router configuration options, and so on. Attackers can use this information to conduct further attacks on routers.

Trust: 1.8

sources: NVD: CVE-2003-1427 // CNVD: CNVD-2003-0418 // BID: 6807 // VULHUB: VHN-8252

AFFECTED PRODUCTS

vendor: netgear // model: fm114p // scope: eq // version: 1.4_beta_release_17

Trust: 1.6

vendor: none // model: - // scope: - // version: -

Trust: 0.6

vendor: netgear // model: fm114p // scope: - // version: -

Trust: 0.3

sources: CNVD: CNVD-2003-0418 // BID: 6807 // CNNVD: CNNVD-200312-129 // NVD: CVE-2003-1427

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-1427
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200312-129
value: MEDIUM

Trust: 0.6

VULHUB: VHN-8252
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2003-1427
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-8252
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8252 // CNNVD: CNNVD-200312-129 // NVD: CVE-2003-1427

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

sources: VULHUB: VHN-8252 // NVD: CVE-2003-1427

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-129

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200312-129

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-8252

EXTERNAL IDS

db: NVD // id: CVE-2003-1427

Trust: 2.3

db: BID // id: 6807

Trust: 2.0

db: CNNVD // id: CNNVD-200312-129

Trust: 0.7

db: CNVD // id: CNVD-2003-0418

Trust: 0.6

db: XF // id: 114

Trust: 0.6

db: XF // id: 11279

Trust: 0.6

db: BUGTRAQ // id: 20030209 BUG IN NETGEAR FM114P WIRELESS ROUTER FIRMWARE

Trust: 0.6

db: NSFOCUS // id: 4370

Trust: 0.6

db: SEEBUG // id: SSVID-76046

Trust: 0.1

db: EXPLOIT-DB // id: 22236

Trust: 0.1

db: VULHUB // id: VHN-8252

Trust: 0.1

sources: CNVD: CNVD-2003-0418 // VULHUB: VHN-8252 // BID: 6807 // CNNVD: CNNVD-200312-129 // NVD: CVE-2003-1427

REFERENCES

url:http://www.securityfocus.com/bid/6807

Trust: 1.7

url:http://www.securityfocus.com/archive/1/311160

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/11279

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/11279

Trust: 0.6

url:http://www.nsfocus.net/vulndb/4370

Trust: 0.6

url:http://www.netgear.com/product_view.asp?xrp=4&yrp=12&zrp=142

Trust: 0.3

url:/archive/1/311160

Trust: 0.3

sources: VULHUB: VHN-8252 // BID: 6807 // CNNVD: CNNVD-200312-129 // NVD: CVE-2003-1427

CREDITS

stickler (stickler@rbg.informatik.tu-darmstadt.de)

Trust: 0.6

sources: CNNVD: CNNVD-200312-129

SOURCES

db: CNVD // id: CNVD-2003-0418
db: VULHUB // id: VHN-8252
db: BID // id: 6807
db: CNNVD // id: CNNVD-200312-129
db: NVD // id: CVE-2003-1427

LAST UPDATE DATE

2024-08-14T13:40:28.239000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2003-0418 // date: 2003-02-10T00:00:00
db: VULHUB // id: VHN-8252 // date: 2017-07-29T00:00:00
db: BID // id: 6807 // date: 2003-02-10T00:00:00
db: CNNVD // id: CNNVD-200312-129 // date: 2003-12-31T00:00:00
db: NVD // id: CVE-2003-1427 // date: 2017-07-29T01:29:11.157

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2003-0418 // date: 2003-02-10T00:00:00
db: VULHUB // id: VHN-8252 // date: 2003-12-31T00:00:00
db: BID // id: 6807 // date: 2003-02-10T00:00:00
db: CNNVD // id: CNNVD-200312-129 // date: 2003-02-10T00:00:00
db: NVD // id: CVE-2003-1427 // date: 2003-12-31T05:00:00