7.8

CVE-2009-0680

Exploit
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgearSsl312 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.41% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0084.html
http://secunia.com/advisories/33896
Vendor Advisory
http://www.helith.net/txt/netgear_ssl312_remote_dos.txt
Exploit
http://www.securityfocus.com/bid/33675
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/48605
https://www.exploit-db.com/exploits/8008