Details of VAR-202508-0023

ID

VAR-202508-0023

CVE

CVE-2013-10063

TITLE

Netgear SPH200D Directory Traversal Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-28726

DESCRIPTION

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data. The Netgear SPH200D is a wireless phone manufactured by Netgear Corporation

Trust: 1.44

sources: NVD: CVE-2013-10063 // CNVD: CNVD-2025-28726

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-28726

AFFECTED PRODUCTS

vendor:

netgear

model:

sph200d

scope:

lte

version:

<=1.0.4.80

Trust: 0.6

sources: CNVD: CNVD-2025-28726

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com:	CVE-2013-10063
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-28726
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-28726
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:N/AC:L/AU:M/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2025-28726 // NVD: CVE-2013-10063

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.0

sources: NVD: CVE-2013-10063

EXTERNAL IDS

db:	NVD	id:	CVE-2013-10063	Trust: 1.6
db:	EXPLOIT-DB	id:	24441	Trust: 1.0
db:	CNVD	id:	CNVD-2025-28726	Trust: 0.6

sources: CNVD: CNVD-2025-28726 // NVD: CVE-2013-10063

REFERENCES

url:	https://www.vulncheck.com/advisories/netgear-sph200d-path-traversal-via-http-get	Trust: 1.0
url:	https://www.exploit-db.com/exploits/24441	Trust: 1.0
url:	https://web.archive.org/web/20130207034706/http://www.s3cur1ty.de/m1adv2013-002	Trust: 1.0
url:	https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2013-10063	Trust: 0.6

sources: CNVD: CNVD-2025-28726 // NVD: CVE-2013-10063

SOURCES

db:	CNVD	id:	CNVD-2025-28726
db:	NVD	id:	CVE-2013-10063

LAST UPDATE DATE

2025-11-23T23:57:23.160000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-28726	date:	2025-11-19T00:00:00
db:	NVD	id:	CVE-2013-10063	date:	2025-08-06T15:15:31.060

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-28726	date:	2025-11-21T00:00:00
db:	NVD	id:	CVE-2013-10063	date:	2025-08-01T21:15:28.677