Sign-up

ID

VAR-200906-0230


CVE

CVE-2009-2258


TITLE

Netgear DG632 Management running on top Web Directory traversal vulnerability in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2009-004773

DESCRIPTION

Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter. NetGear DG632 router is prone to multiple remote vulnerabilities. The Netgear DG632 router runs a web interface on port 80, allowing administrators to log in and manage the device's settings. Authentication to this web interface is handled by a script named webcm in /cgi-bin/, which redirects to relevant pages based on the user's authentication status. The webcm script handles user authentication and tries to load indextop.htm via the following javascript. The indextop.htm page requires HTTP Basic Authentication. --- <script language="javascript" type="text/javascript"> function loadnext() { //document.forms[0].target.value="top"; document.forms[0].submit() ; //top.location.href="../cgi-bin/webcm?nextpage=../html/indextop.htm"; }</script></head> <body bgcolor="#ffffff" onload= "loadnext()" > Loading file ... <form method="POST" action="../cgi-bin/webcm" id="uiPostForm"> <input type="hidden" name="nextpage" value= "../html/indextop.htm" id="uiGetNext"> </form> --- If a valid username for the default admin user is provided, the script will continue to load the indextop.htm page and load other frames based on hidden fields; if the user authentication fails, it will return to "../cgi-bin/webcm" . Normal use: http://TARGET_IP/cgi-bin/webcm?nextpage=../html/stattbl.htm This will ask the user to authenticate and deny access to this file if the authentication details are unknown. The same stattbl.htm file can be accessed without providing any credentials using the following URL: http://TARGET_IP/html/stattbl.htm

Trust: 1.98

sources: NVD: CVE-2009-2258 // JVNDB: JVNDB-2009-004773 // BID: 35376 // VULHUB: VHN-39704

AFFECTED PRODUCTS

vendor:netgearmodel:dg632scope:eqversion:3.4.0_ap

Trust: 1.6

vendor:netgearmodel:dg632scope:eqversion: -

Trust: 1.0

vendor:net gearmodel:dg632scope: - version: -

Trust: 0.8

vendor:net gearmodel:dg632scope:eqversion:3.4.0_ap

Trust: 0.8

vendor:netgearmodel:dg632 3.4.0 apscope: - version: -

Trust: 0.3

vendor:netgearmodel:dg632scope:eqversion:0

Trust: 0.3

sources: BID: 35376 // JVNDB: JVNDB-2009-004773 // CNNVD: CNNVD-200906-442 // NVD: CVE-2009-2258

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2258
value: HIGH

Trust: 1.0

NVD: CVE-2009-2258
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200906-442
value: HIGH

Trust: 0.6

VULHUB: VHN-39704
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-2258
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39704
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39704 // JVNDB: JVNDB-2009-004773 // CNNVD: CNNVD-200906-442 // NVD: CVE-2009-2258

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-39704 // JVNDB: JVNDB-2009-004773 // NVD: CVE-2009-2258

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200906-442

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200906-442

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-004773

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-39704

PATCH
title:Top Pageurl:http://www.netgear.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-004773

EXTERNAL IDS
db:NVDid:CVE-2009-2258
Trust: 2.8
db:EXPLOIT-DBid:8963
Trust: 1.7
db:SECTRACKid:1022404
Trust: 1.7
db:JVNDBid:JVNDB-2009-004773
Trust: 0.8
db:MILW0RMid:8963
Trust: 0.6
db:BUGTRAQid:20090615 NETGEAR DG632 ROUTER AUTHENTICATION BYPASS VULNERABILITY
Trust: 0.6
db:CNNVDid:CNNVD-200906-442
Trust: 0.6
db:BIDid:35376
Trust: 0.3
db:VULHUBid:VHN-39704
Trust: 0.1
sources:
            
            
            VULHUB: VHN-39704 // 
            
            
            
            BID: 35376 // 
            
            
            
            JVNDB: JVNDB-2009-004773 // 
            
            
            
            CNNVD: CNNVD-200906-442 // 
            
            
            
            NVD: CVE-2009-2258

REFERENCES
url:http://www.tomneaves.co.uk/netgear_dg632_authentication_bypass.txt
Trust: 2.0
url:http://securitytracker.com/id?1022404
Trust: 1.7
url:http://www.securityfocus.com/archive/1/504312/100/0/threaded
Trust: 1.1
url:http://www.exploit-db.com/exploits/8963
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2258
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2258
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/504312/100/0/threaded
Trust: 0.6
url:http://www.milw0rm.com/exploits/8963
Trust: 0.6
url:http://www.netgear.com/
Trust: 0.3
url:http://www.tomneaves.co.uk/netgear_dg632_remote_dos.txt
Trust: 0.3
url:/archive/1/504312
Trust: 0.3
url:/archive/1/504313
Trust: 0.3
url:/archive/1/504341
Trust: 0.3
url:/archive/1/504345
Trust: 0.3
sources:
            
            
            VULHUB: VHN-39704 // 
            
            
            
            BID: 35376 // 
            
            
            
            JVNDB: JVNDB-2009-004773 // 
            
            
            
            CNNVD: CNNVD-200906-442 // 
            
            
            
            NVD: CVE-2009-2258

CREDITS
Tom Neaves
Trust: 0.9
sources:
            
            
            BID: 35376 // 
            
            
            
            CNNVD: CNNVD-200906-442

SOURCES
db:VULHUBid:VHN-39704
db:BIDid:35376
db:JVNDBid:JVNDB-2009-004773
db:CNNVDid:CNNVD-200906-442
db:NVDid:CVE-2009-2258

LAST UPDATE DATE
2025-04-10T22:56:34.133000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-39704date:2018-10-10T00:00:00
db:BIDid:35376date:2009-07-09T20:36:00
db:JVNDBid:JVNDB-2009-004773date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200906-442date:2009-09-22T00:00:00
db:NVDid:CVE-2009-2258date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-39704date:2009-06-30T00:00:00
db:BIDid:35376date:2009-06-15T00:00:00
db:JVNDBid:JVNDB-2009-004773date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200906-442date:2009-06-30T00:00:00
db:NVDid:CVE-2009-2258date:2009-06-30T10:30:21.813