CVE-2016-10106 : Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices

Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file.

Published 2017-01-03 06:59:00

Updated 2017-07-27 01:29:01

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2016-10106

Probability of exploitation activity in the next 30 days: 0.22%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 59 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-10106

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2016-10106

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-10106

http://www.securitytracker.com/id/1037548

NETGEAR ProSAFE Firewall Bug Lets Remote Users Traverse the Directory to View Files on the Target System - SecurityTracker
https://twitter.com/mantislesin/status/816618162770821120

MantiS Le Sin on Twitter: "My very first CVE. NETGEAR ProSafe DirectoryTraversal. https://t.co/HjZY4W9O7T #netgear #0day #BugBounty #Pentest #vulnerability #bugtraq"
http://www.securityfocus.com/bid/95204

Multiple NETGEAR Products CVE-2016-10106 Directory Traversal Vulnerability
http://kb.netgear.com/30739/Path-Traversal-Attack-Security-Vulnerability

Path Traversal Attack Security Vulnerability | Answer | NETGEAR Support
Patch;Vendor Advisory

Products affected by CVE-2016-10106

Netgear » Fvs336gv3 Firmware
Versions up to, including, (<=) 4.3-3.6
cpe:2.3:o:netgear:fvs336gv3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Fvs336gv3 » Version: N/A
Netgear » Srx5308 Firmware
Versions up to, including, (<=) 4.3-3.6
cpe:2.3:o:netgear:srx5308_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Srx5308 » Version: N/A
Netgear » Fvs318gv2 Firmware
Versions up to, including, (<=) 4.3-3.6
cpe:2.3:o:netgear:fvs318gv2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Fvs318gv2 » Version: N/A
Netgear » Fvs318n Firmware
Versions up to, including, (<=) 4.3-3.6
cpe:2.3:o:netgear:fvs318n_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Fvs318n » Version: N/A

Vulnerability Details : CVE-2016-10106

Exploit prediction scoring system (EPSS) score for CVE-2016-10106

CVSS scores for CVE-2016-10106

CWE ids for CVE-2016-10106

References for CVE-2016-10106

Products affected by CVE-2016-10106