Details of VAR-201301-0497

ID

VAR-201301-0497

TITLE

Netgear SPH200D Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 57660 // CNNVD: CNNVD-201301-619

DESCRIPTION

The Netgear SPH200D is a dual mode cordless Skype phone. There are multiple input validation vulnerabilities in the Netgear SPH200D. Allows an attacker to exploit vulnerabilities for directory traversal and cross-site scripting attacks to obtain sensitive information or hijack user sessions. Exploiting these issues will allow an attacker to steal cookie-based authentication information, execute arbitrary scripts in the context of the browser, bypass security restrictions, perform unauthorized actions, and gain access to the local files and sensitive information. Information harvested may aid in launching further attacks. Netgear SPH200D Firmware 1.0.4.80 is vulnerable; other versions may also be affected

Trust: 0.81

sources: CNVD: CNVD-2013-00700 // BID: 57660

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-00700

AFFECTED PRODUCTS

vendor:

netgear

model:

sph200d version

scope:

version:

1.0.4.80

Trust: 0.6

sources: CNVD: CNVD-2013-00700

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-619

TYPE

Unknown

Trust: 0.3

sources: BID: 57660

EXTERNAL IDS

db:	BID	id:	57660	Trust: 1.5
db:	CNVD	id:	CNVD-2013-00700	Trust: 0.6
db:	CNNVD	id:	CNNVD-201301-619	Trust: 0.6

sources: CNVD: CNVD-2013-00700 // BID: 57660 // CNNVD: CNNVD-201301-619

REFERENCES

url:	http://www.s3cur1ty.de/node/666	Trust: 0.6
url:	http://www.securityfocus.com/bid/57660	Trust: 0.6
url:	http://support.netgear.com/product/sph200d	Trust: 0.3

sources: CNVD: CNVD-2013-00700 // BID: 57660 // CNNVD: CNNVD-201301-619

CREDITS

m-1-k-3

Trust: 0.9

sources: BID: 57660 // CNNVD: CNNVD-201301-619

SOURCES

db:	CNVD	id:	CNVD-2013-00700
db:	BID	id:	57660
db:	CNNVD	id:	CNNVD-201301-619

LAST UPDATE DATE

2022-05-17T01:43:25.993000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-00700	date:	2013-02-04T00:00:00
db:	BID	id:	57660	date:	2013-01-31T00:00:00
db:	CNNVD	id:	CNNVD-201301-619	date:	2013-02-05T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-00700	date:	2013-02-04T00:00:00
db:	BID	id:	57660	date:	2013-01-31T00:00:00
db:	CNNVD	id:	CNNVD-201301-619	date:	2013-01-31T00:00:00