VAR-200205-0029

Vulnerability from variot - Updated: 2025-04-03 22:30

Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi. This can be accomplished by specifying a relative path and file name in a query string passed to the scripts via a properly constructed URL. The scripts reported to be vulnerable include mrtg.cgi, traffic.cgi, 14all-1.1.cgi, and 14all.cgi. An example URL is: http://somehost/mrtg.cgi?cfg=../../../../../../../../etc/passwd. All affected scripts are reportedly exploited with the same query string (i.e., the "cfg=" variable). Multi Router Traffic Grapher is software that monitors traffic on network nodes. MRTG generates HTML pages containing GIF animations that graphically represent the network traffic at that time. There is an input validation error in the implementation of the MRTG CGI programs, and a remote attacker can use this vulnerability to read any file on the host that the web process has permission to read. The problem is that some MRTG CGI scripts do not fully filter user input. A remote attacker can traverse directories on the host by inserting "../" into the input and read any document that the web process has permission to read. The scripts affected by this vulnerability are mrtg.cgi, traffic.cgi, 14all-1.1.cgi and 14all.cgi, all of which use the "cfg" variable, for example http://somehost/mrtg.cgi?cfg=../../../../../../../../etc/passwd. Requests to any of these scripts whose cfg value contains a "../" sequence are therefore worth flagging when reviewing web server logs.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200205-0029",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "multi router traffic grapher cgi",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "mrtg",
        "version": "2.9.17"
      },
      {
        "model": "multi router traffic grapher cgi -win32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mrtg",
        "version": "2.9.17"
      },
      {
        "model": "multi router traffic grapher cgi -unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mrtg",
        "version": "2.9.17"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "4017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0232"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "UkR-XblP\u203b cuctema@ok.ru",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-109"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2002-0232",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2002-0232",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-4625",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2002-0232",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200205-109",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-4625",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4625"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0232"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi.  This can be accomplished by specifying a relative path and file name in a query string passed to the scripts via a properly constructed URL.  The scripts reported to be vulnerable include mrtg.cgi, traffic.cgi, 14all-1.1.cgi, and 14all.cgi.  An example URL is: http://somehost/mrtg.cgi?cfg=../../../../../../../../etc/passwd.  All affected scripts are reportedly exploited with the same query string. (ie, the \"cfg=\" variable). Multi Router Traffic Grapher is a software that monitors traffic on network nodes. MRTG generates HTML pages containing GIF animations to represent a graphic representation of network traffic at that time. There is an input verification error in the implementation of the MRTG CGI program, and a remote attacker can use this vulnerability to browse any file that has permission to read on the host. The problem is that some CGI scripts of MRTG do not fully filter the user input. A remote attacker can traverse the directory on the host by inserting \\\"../\\\" into the input, and read any web process that has permission to read. document. The script programs affected by this vulnerability are mrtg.cgi, traffic.cgi, 14all-1.1.cgi and 14all.cgi, all of them use \\\"cfg\\\" variable, for example http://somehost/mrtg.cgi?cfg= ../../../../../../../../etc/passwd",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0232"
      },
      {
        "db": "BID",
        "id": "4017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-4625"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "4017",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0232",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-109",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20020202 NEW ADVISORY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "8062",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-4625",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4625"
      },
      {
        "db": "BID",
        "id": "4017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0232"
      }
    ]
  },
  "id": "VAR-200205-0029",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4625"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:30:56.134000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-0232"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/4017"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/security_center/static/8062.php"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=101266821909189\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=101266821909189\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.mrtg.org"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=101266821909189\u0026amp;w=2"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4625"
      },
      {
        "db": "BID",
        "id": "4017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0232"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-4625"
      },
      {
        "db": "BID",
        "id": "4017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-109"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-0232"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-05-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-4625"
      },
      {
        "date": "2002-02-02T00:00:00",
        "db": "BID",
        "id": "4017"
      },
      {
        "date": "2002-02-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200205-109"
      },
      {
        "date": "2002-05-29T04:00:00",
        "db": "NVD",
        "id": "CVE-2002-0232"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-4625"
      },
      {
        "date": "2009-07-11T09:56:00",
        "db": "BID",
        "id": "4017"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200205-109"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2002-0232"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-109"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MRTG CGI Remotely read arbitrary file vulnerabilities",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-109"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200205-109"
      }
    ],
    "trust": 0.6
  }
}

