ID
VAR-201701-0491
CVE
CVE-2016-10106
TITLE
plural NETGEAR Device product firmware scgi-bin/platform.cgi Vulnerable to directory traversal
Trust: 0.8
DESCRIPTION
Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file. NETGEAR is a US NETGEAR company, a computer network equipment and other computer hardware manufacturers. Multiple NETGEAR products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input. Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Information obtained could aid in further attacks. NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices running firmware versions prior to 4.3.3-8 are vulnerable. The following products are affected: NETGEAR FVS336Gv3; FVS318N; FVS318Gv2; SRX5308
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | netgear | model: | fvs318n | scope: | lte | version: | 4.3-3.6 | Trust: 1.0 |
| vendor: | netgear | model: | fvs318gv2 | scope: | lte | version: | 4.3-3.6 | Trust: 1.0 |
| vendor: | netgear | model: | fvs336gv3 | scope: | lte | version: | 4.3-3.6 | Trust: 1.0 |
| vendor: | netgear | model: | srx5308 | scope: | lte | version: | 4.3-3.6 | Trust: 1.0 |
| vendor: | net gear | model: | fvs318gv2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | net gear | model: | fvs318gv2 | scope: | lt | version: | 4.3.3-8 | Trust: 0.8 |
| vendor: | net gear | model: | fvs318n | scope: | - | version: | - | Trust: 0.8 |
| vendor: | net gear | model: | fvs318n | scope: | lt | version: | 4.3.3-8 | Trust: 0.8 |
| vendor: | net gear | model: | fvs336gv3 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | net gear | model: | fvs336gv3 | scope: | lt | version: | 4.3.3-8 | Trust: 0.8 |
| vendor: | net gear | model: | srx5308 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | net gear | model: | srx5308 | scope: | lt | version: | 4.3.3-8 | Trust: 0.8 |
| vendor: | netgear | model: | fvs336gv3 | scope: | lte | version: | <=4.3-3.6 | Trust: 0.6 |
| vendor: | netgear | model: | fvs318n | scope: | lte | version: | <=4.3-3.6 | Trust: 0.6 |
| vendor: | netgear | model: | fvs318gv2 | scope: | lte | version: | <=4.3-3.6 | Trust: 0.6 |
| vendor: | netgear | model: | srx5308 | scope: | lte | version: | <=4.3-3.6 | Trust: 0.6 |
| vendor: | netgear | model: | fvs336gv3 | scope: | eq | version: | 4.3-3.6 | Trust: 0.6 |
| vendor: | netgear | model: | fvs318n | scope: | eq | version: | 4.3-3.6 | Trust: 0.6 |
| vendor: | netgear | model: | fvs318gv2 | scope: | eq | version: | 4.3-3.6 | Trust: 0.6 |
| vendor: | netgear | model: | srx5308 | scope: | eq | version: | 4.3-3.6 | Trust: 0.6 |
| vendor: | netgear | model: | srx5308 | scope: | eq | version: | 4.3.3-5 | Trust: 0.3 |
| vendor: | netgear | model: | fvs336gv3 | scope: | eq | version: | 4.3.3-5 | Trust: 0.3 |
| vendor: | netgear | model: | fvs318n | scope: | eq | version: | 4.3.3-5 | Trust: 0.3 |
| vendor: | netgear | model: | fvs318gv2 | scope: | eq | version: | 4.3.3-5 | Trust: 0.3 |
| vendor: | netgear | model: | srx5308 | scope: | ne | version: | 4.3.3-8 | Trust: 0.3 |
| vendor: | netgear | model: | fvs336gv3 | scope: | ne | version: | 4.3.3-8 | Trust: 0.3 |
| vendor: | netgear | model: | fvs318n | scope: | ne | version: | 4.3.3-8 | Trust: 0.3 |
| vendor: | netgear | model: | fvs318gv2 | scope: | ne | version: | 4.3.3-8 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
path traversal
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Path Traversal Attack Security Vulnerability | url: | http://kb.netgear.com/30739/Path-Traversal-Attack-Security-Vulnerability | Trust: 0.8 |
| title: | NETGEAR multiple product catalog traversal vulnerability patch | url: | https://www.cnvd.org.cn/patchInfo/show/87521 | Trust: 0.6 |
| title: | Multiple NETGEAR Product path traversal vulnerability fixes | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66750 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-10106 | Trust: 3.4 |
| db: | BID | id: | 95204 | Trust: 2.8 |
| db: | SECTRACK | id: | 1037548 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2016-006578 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201701-006 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-00110 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-88849 | Trust: 0.1 |
REFERENCES
| url: | http://kb.netgear.com/30739/path-traversal-attack-security-vulnerability | Trust: 2.0 |
| url: | http://www.securityfocus.com/bid/95204 | Trust: 1.9 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10106 | Trust: 1.4 |
| url: | https://twitter.com/mantislesin/status/816618162770821120 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id/1037548 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10106 | Trust: 0.8 |
| url: | http://www.netgear.com | Trust: 0.3 |
CREDITS
NETGEAR
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2017-00110 |
| db: | VULHUB | id: | VHN-88849 |
| db: | BID | id: | 95204 |
| db: | JVNDB | id: | JVNDB-2016-006578 |
| db: | CNNVD | id: | CNNVD-201701-006 |
| db: | NVD | id: | CVE-2016-10106 |
LAST UPDATE DATE
2025-04-13T23:21:03.637000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-00110 | date: | 2017-01-05T00:00:00 |
| db: | VULHUB | id: | VHN-88849 | date: | 2017-07-27T00:00:00 |
| db: | BID | id: | 95204 | date: | 2017-01-12T02:09:00 |
| db: | JVNDB | id: | JVNDB-2016-006578 | date: | 2017-01-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-201701-006 | date: | 2017-01-04T00:00:00 |
| db: | NVD | id: | CVE-2016-10106 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-00110 | date: | 2017-01-05T00:00:00 |
| db: | VULHUB | id: | VHN-88849 | date: | 2017-01-03T00:00:00 |
| db: | BID | id: | 95204 | date: | 2016-11-28T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-006578 | date: | 2017-01-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-201701-006 | date: | 2017-01-04T00:00:00 |
| db: | NVD | id: | CVE-2016-10106 | date: | 2017-01-03T06:59:00.183 |