CVE-2009-2258

Netgear DG632 <3.4.0_ap - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2258. PoCs published by Tom Neaves.

AI-analyzed exploit summary: This writeup describes an authentication bypass vulnerability in the Netgear DG632 router's web interface. The issue allows unauthenticated access to sensitive files by directly accessing them via their paths, bypassing the 'webcm' authentication script.

Description

Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Tom Neaves · text · remote · hardware
https://www.exploit-db.com/exploits/8963

Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Netgear DG632 Router (Firmware V3.4.0_ap)
No auth needed
Prerequisites: Network access to the router's web interface
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504312/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/8963
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1022404

Scores

EPSS 0.0669
EPSS Percentile 93.1%

Details

CWE: CWE-22
Status: published
Products (2):
netgear/dg632
netgear/dg632_firmware 3.4.0_ap
Published: Jun 30, 2009
Tracked Since: Feb 18, 2026