CVE-2013-10063

Netgear SPH200D Skype phone firmware <=1.0.4.80 - Path Traversal

Title source: llm

Description

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data.

Exploits (2)

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb

View Code ZIP pw:eip

exploitdb WRITEUP

by m-1-k-3 · textwebappshardware

https://www.exploit-db.com/exploits/24441

View Code ZIP pw:eip

References (4)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb

[Various Sources] https://web.archive.org/web/20130207034706/http://www.s3cur1ty.de/m1adv2013-002

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/24441

[Third Party Advisory] https://www.vulncheck.com/advisories/netgear-sph200d-path-traversal-via-http-get

Scores

EPSS 0.4785

EPSS Percentile 97.7%

Classification

CWE

CWE-22

Status draft

Timeline

Published Aug 01, 2025

Tracked Since Feb 18, 2026