Vulnerability Note VU#774788
Belkin N150 path traversal vulnerability
Belkin N150 wireless routers contain a path traversal vulnerability.
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2014-2962
Belkin N150 wireless router firmware versions 1.00.07 and earlier contain a path traversal vulnerability through the built-in web interface. The webproc cgi module accepts a getpage parameter which takes an unrestricted file path as input. The web server runs with root privileges by default, allowing a malicious attacker to read any file on the system.
An unauthenticated attacker that is connected to the router's LAN may be able to read critical system files on the router.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Belkin, Inc.||Affected||10 Mar 2014||09 Jun 2014|
CVSS Metrics (Learn More)
Thanks to Aditya Lad for reporting this vulnerability.
This document was written by Todd Lewellen.
- CVE IDs: CVE-2014-2962
- Date Public: 18 Jun 2014
- Date First Published: 18 Jun 2014
- Date Last Updated: 18 Jun 2014
- Document Revision: 13
If you have feedback, comments, or additional information about this vulnerability, please send us email.