CVE-2014-2962
Scores
EPSS
Percentile: 88.9%
CVSS
CVSS Score: 7.8/10
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Vector Breakdown
The CVSS (Common Vulnerability Scoring System) vector provides detailed metrics about the characteristics of a vulnerability.
Attack Vector
Network (N)
Describes how the vulnerability is exploited
Attack Complexity
Low (L)
Describes the conditions beyond the attacker's control
Authentication
None (N)
Describes the level of privileges an attacker must possess
Confidentiality Impact
Complete (C)
Measures the impact to the confidentiality of information
Integrity Impact
None (N)
Measures the impact to integrity of a successfully exploited vulnerability
Availability Impact
None (N)
Measures the impact to the availability of the impacted component
Description
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
Recommendations
Source: nvd
The CERT/CC is currently unaware of a practical solution to this problem. The vendor had previously indicated that the vulnerability was resolved in firmware version 1.00.08; however, recent reports indicate that firmware version 1.00.08 failed to address the issue and that version 1.00.09 is vulnerable as well. Users should consider the following workaround:
Restrict Access
Ensure that appropriate firewall rules are in place to restrict access to port 80/tcp from external untrusted sources.
Vulnerable Software (2)
Type: Configuration
Vendor: *
Product: n150_f9k1009
Operating System: * * *
{ "children": [ { "cpe_match": [ { "cpe23uri": "cpe:2.3:o:belkin:n150_f9k1009_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.00.07", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:belkin:n150_f9k1009_firmware:1.00.01:*:*:*:*:*:*:*", "vulnerable": true } ], "operator": "OR" }, { "cpe_match": [ { "cpe23uri": "cpe:2.3:h:belkin:n150_f9k1009:v1:*:*:*:*:*:*:*", "vulnerable": true } ], "operator": "OR" } ], "operator": "AND"}
Source: nvd
Type: Configuration
Vendor: *
Product: n150_f9k1009_firmware
Operating System: * * *
{ "children": [ { "cpe_match": [ { "cpe23uri": "cpe:2.3:o:belkin:n150_f9k1009_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.00.07", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:belkin:n150_f9k1009_firmware:1.00.01:*:*:*:*:*:*:*", "vulnerable": true } ], "operator": "OR" }, { "cpe_match": [ { "cpe23uri": "cpe:2.3:h:belkin:n150_f9k1009:v1:*:*:*:*:*:*:*", "vulnerable": true } ], "operator": "OR" } ], "operator": "AND"}
Source: nvd