CVE-2019-17187

HIGH

FiberHome HG2201T 1.00.M5007_JS_201804 - Unauthenticated Path Traversal via downloadfile.cgi

Title source: llm
STIX 2.1

Description

/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/ztz472947849/d62e7b6f4831b55c338ef22432eca06d

Scores

CVSS v3 7.5
EPSS 0.1077
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
fiberhome/hg2201t_firmware 1.00.m5007_js_201804
Published Oct 08, 2019
Tracked Since Feb 18, 2026