Details of VAR-201406-0324

ID

VAR-201406-0324

CVE

CVE-2014-2962

TITLE

Belkin N150 path traversal vulnerability

Trust: 0.8

sources: CERT/CC: VU#774788

DESCRIPTION

Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. Belkin N150 wireless routers contain a path traversal vulnerability. CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') http://cwe.mitre.org/data/definitions/22.htmlInformation may be obtained by a remote attacker. The Belkin N150 is a wireless router product. Belkin N150 is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information obtained could aid in further attacks

Trust: 3.33

sources: NVD: CVE-2014-2962 // CERT/CC: VU#774788 // JVNDB: JVNDB-2014-002960 // CNVD: CNVD-2014-03817 // BID: 68085 // VULHUB: VHN-70901 // VULMON: CVE-2014-2962

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-03817

AFFECTED PRODUCTS

vendor:	belkin	model:	n150 f9k1009	scope:	eq	version:	1.00.01	Trust: 1.6
vendor:	belkin	model:	n150 f9k1009	scope:	eq	version:	v1	Trust: 1.0
vendor:	belkin	model:	n150 f9k1009	scope:	lte	version:	1.00.07	Trust: 1.0
vendor:	belkin	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	belkin	model:	n150 wireless home network router f9k1009	scope:	-	version:	-	Trust: 0.8
vendor:	belkin	model:	n150 wireless home network router f9k1009	scope:	lte	version:	version 1.00.07	Trust: 0.8
vendor:	belkin	model:	n150 f9k1009	scope:	lte	version:	<=1.00.07	Trust: 0.6
vendor:	belkin	model:	n150 f9k1009	scope:	eq	version:	1.00.07	Trust: 0.6

sources: CERT/CC: VU#774788 // CNVD: CNVD-2014-03817 // JVNDB: JVNDB-2014-002960 // CNNVD: CNNVD-201406-441 // NVD: CVE-2014-2962

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2962
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2962
value:	7.8
Trust: 0.8
IPA:	JVNDB-2014-002960
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-03817
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201406-441
value:	HIGH
Trust: 0.6
VULHUB:	VHN-70901
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-2962
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2962
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
IPA:	JVNDB-2014-002960
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2014-03817
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-70901
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#774788 // CNVD: CNVD-2014-03817 // VULHUB: VHN-70901 // VULMON: CVE-2014-2962 // JVNDB: JVNDB-2014-002960 // CNNVD: CNNVD-201406-441 // NVD: CVE-2014-2962

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-70901 // JVNDB: JVNDB-2014-002960 // NVD: CVE-2014-2962

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-441

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201406-441

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002960

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-70901 // VULMON: CVE-2014-2962

PATCH

title:	Belkin N150 Wireless Home Network Router, F9K1009 v1 - Firmware	url:	http://www.belkin.com/us/support-article?articleNum=109400	Trust: 0.8
title:	Belkin N150 Directory Traversal Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/46623	Trust: 0.6
title:	F9K1009_WW_1.00.08	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50530	Trust: 0.6
title:	Kenzer Templates [5170] [DEPRECATED]	url:	https://github.com/ARPSyndicate/kenzer-templates	Trust: 0.1

sources: CNVD: CNVD-2014-03817 // VULMON: CVE-2014-2962 // JVNDB: JVNDB-2014-002960 // CNNVD: CNNVD-201406-441

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2962	Trust: 4.3
db:	CERT/CC	id:	VU#774788	Trust: 3.4
db:	EXPLOIT-DB	id:	38488	Trust: 1.2
db:	BID	id:	68085	Trust: 1.0
db:	JVN	id:	JVNVU93510009	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-002960	Trust: 0.8
db:	CNNVD	id:	CNNVD-201406-441	Trust: 0.7
db:	CNVD	id:	CNVD-2014-03817	Trust: 0.6
db:	SEEBUG	id:	SSVID-90080	Trust: 0.1
db:	VULHUB	id:	VHN-70901	Trust: 0.1
db:	VULMON	id:	CVE-2014-2962	Trust: 0.1

sources: CERT/CC: VU#774788 // CNVD: CNVD-2014-03817 // VULHUB: VHN-70901 // VULMON: CVE-2014-2962 // BID: 68085 // JVNDB: JVNDB-2014-002960 // CNNVD: CNNVD-201406-441 // NVD: CVE-2014-2962

REFERENCES

url:	http://www.belkin.com/us/support-article?articlenum=109400	Trust: 2.6
url:	http://www.kb.cert.org/vuls/id/774788	Trust: 2.6
url:	https://www.exploit-db.com/exploits/38488/	Trust: 1.3
url:	http://cwe.mitre.org/data/definitions/22.html	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2962	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu93510009/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2962	Trust: 0.8
url:	http://www.securityfocus.com/bid/68085	Trust: 0.6
url:	http://www.belkin.com/index.asp	Trust: 0.3
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/arpsyndicate/kenzer-templates	Trust: 0.1

CREDITS

Aditya Lad

Trust: 0.3

sources: BID: 68085

SOURCES

db:	CERT/CC	id:	VU#774788
db:	CNVD	id:	CNVD-2014-03817
db:	VULHUB	id:	VHN-70901
db:	VULMON	id:	CVE-2014-2962
db:	BID	id:	68085
db:	JVNDB	id:	JVNDB-2014-002960
db:	CNNVD	id:	CNNVD-201406-441
db:	NVD	id:	CVE-2014-2962

LAST UPDATE DATE

2025-04-13T23:22:34.202000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#774788	date:	2015-09-29T00:00:00
db:	CNVD	id:	CNVD-2014-03817	date:	2014-06-23T00:00:00
db:	VULHUB	id:	VHN-70901	date:	2016-12-24T00:00:00
db:	VULMON	id:	CVE-2014-2962	date:	2016-12-24T00:00:00
db:	BID	id:	68085	date:	2014-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-002960	date:	2014-06-23T00:00:00
db:	CNNVD	id:	CNNVD-201406-441	date:	2014-06-20T00:00:00
db:	NVD	id:	CVE-2014-2962	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#774788	date:	2014-06-18T00:00:00
db:	CNVD	id:	CNVD-2014-03817	date:	2014-06-23T00:00:00
db:	VULHUB	id:	VHN-70901	date:	2014-06-19T00:00:00
db:	VULMON	id:	CVE-2014-2962	date:	2014-06-19T00:00:00
db:	BID	id:	68085	date:	2014-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-002960	date:	2014-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201406-441	date:	2014-06-20T00:00:00
db:	NVD	id:	CVE-2014-2962	date:	2014-06-19T10:50:04.583