CVE-2016-10106

MEDIUM

NETGEAR FVS336Gv3-FVS318N-SRX5308 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file.

References (4)

[Patch, Vendor Advisory] http://kb.netgear.com/30739/Path-Traversal-Attack-Security-Vulnerability

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037548

[Various Sources] https://twitter.com/mantislesin/status/816618162770821120

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95204

Scores

CVSS v3 6.5

EPSS 0.0081

EPSS Percentile 74.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-22

Status published

Affected Products (5)

netgear/fvs336gv3_firmware < 4.3-3.6

netgear/srx5308_firmware < 4.3-3.6

netgear/fvs318gv2_firmware < 4.3-3.6

netgear/fvs318n_firmware < 4.3-3.6

n/a/n/a

Timeline

Published Jan 03, 2017

Tracked Since Feb 18, 2026