Description
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.
Exploits (1)
References (1)
Core 1
Core References
Exploit, Technical Description x_refsource_misc
https://blogs.securiteam.com/index.php/archives/3317#more-3317
Scores
CVSS v3
7.5
EPSS
0.0821
EPSS Percentile
92.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (4)
geneko/gwr202_gprs_router_firmware
geneko/gwr252_edge_router_firmware
geneko/gwr352_3g_router_firmware
geneko/gwr352wv_wide_voltage_3g_router_firmware
Published
Jul 19, 2017
Tracked Since
Feb 18, 2026