CVE-2013-10063

MEDIUM

Netgear SPH200D Skype phone firmware <=1.0.4.80 - Path Traversal

Title source: llm

Description

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data.

Exploits (2)

exploitdb WRITEUP

by m-1-k-3 · textwebappshardware

https://www.exploit-db.com/exploits/24441

View Code ZIP pw:eip

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb

View Code ZIP pw:eip

References (4)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb

[Various Sources] https://web.archive.org/web/20130207034706/http://www.s3cur1ty.de/m1adv2013-002

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/24441

[Third Party Advisory] https://www.vulncheck.com/advisories/netgear-sph200d-path-traversal-via-http-get

Scores

CVSS v4 6.9

EPSS 0.5202

EPSS Percentile 97.9%

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Details

CWE

CWE-22

Status published

Products (1)

Netgear/SPH200D < 1.0.4.80

Published Aug 01, 2025

Tracked Since Feb 18, 2026