{"vuid":"VU#774788","idnumber":"774788","name":"Belkin N150 path traversal vulnerability","keywords":["Belkin","router","path traversal","CWE-22"],"overview":"Belkin N150 wireless routers contain a path traversal vulnerability.","clean_desc":"CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2014-2962 Belkin N150 wireless router firmware versions 1.00.07 and earlier contain a path traversal vulnerability through the built-in web interface. The webproc cgi module accepts a getpage parameter which takes an unrestricted file path as input. The web server runs with root privileges by default, allowing a malicious attacker to read any file on the system.","impact":"An unauthenticated attacker that is connected to the router's LAN may be able to read critical system files on the router.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem. The vendor had previously indicated that the vulnerability was resolved in firmware version 1.00.08; however, recent reports indicate that firmware version 1.00.08 failed to address the issue and that version 1.00.09 is vulnerable as well. Users should consider the following workaround:","workarounds":"Restrict Access: Ensure that appropriate firewall rules are in place to restrict access to port 80/tcp from external untrusted sources.","sysaffected":"","thanks":"Thanks to Aditya Lad for originally reporting this vulnerability. Thanks to Rahul Pratap Singh for identifying the issue in version 1.00.09 and for testing 1.00.08.","author":"This document was written by Todd Lewellen.","public":["http://www.belkin.com/us/support-article?articleNum=109400","http://cwe.mitre.org/data/definitions/22.html"],"cveids":["CVE-2014-2962"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-03-10T15:23:02Z","publicdate":"2014-06-18T00:00:00Z","datefirstpublished":"2014-06-18T11:52:56Z","dateupdated":"2015-09-29T18:49:57Z","revision":19,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"7.8","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:--/A:--","cvss_temporalscore":"6.1","cvss_environmentalscore":"4.57255757448","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}