VAR-200312-0394
Vulnerability from variot - Updated: 2025-04-03 22:21Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter. Netgear FM114P is a wireless network router that includes a firewall function.
Netgear FM114P wireless firewall lacks proper filtering of web requests submitted by users.
Netgear FM114P's WEB configuration interface lacks sufficient filtering for user-submitted requests. Attackers can submit malicious URL requests to break through the / upnp / service directory limit. Unauthorized access to router configuration files. Configuration files contain dial-up passwords, dynamic DNS configuration passwords, and router configurations. Options, etc. Attackers can use this information to conduct further attacks on routers. Netgear FM114P Wireless Firewalls allow directory traversal using escaped character sequences. It is possible for an unauthenticated user to retrieve the firewall's configuration file by escaping from the /upnp/service directory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0394",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fm114p",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "1.4_beta_release_17"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "fm114p",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0418"
},
{
"db": "BID",
"id": "6807"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-129"
},
{
"db": "NVD",
"id": "CVE-2003-1427"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "stickler\u203b stickler@rbg.informatik.tu-darmstadt.de",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-129"
}
],
"trust": 0.6
},
"cve": "CVE-2003-1427",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-1427",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-8252",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-1427",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200312-129",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-8252",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8252"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-129"
},
{
"db": "NVD",
"id": "CVE-2003-1427"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter. Netgear FM114P is a wireless network router that includes a firewall function. \n\n\u00a0Netgear FM114P wireless firewall lacks proper filtering of web requests submitted by users. \n\n\u00a0Netgear FM114P\u0027s WEB configuration interface lacks sufficient filtering for user-submitted requests. Attackers can submit malicious URL requests to break through the / upnp / service directory limit. Unauthorized access to router configuration files. Configuration files contain dial-up passwords, dynamic DNS configuration passwords, and router configurations. Options, etc. Attackers can use this information to conduct further attacks on routers. Netgear FM114P Wireless Firewalls allow directory traversal using escaped character sequences. It is possible for an unauthenticated user to retrieve the firewall\u0027s configuration file by escaping from the /upnp/service directory",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1427"
},
{
"db": "CNVD",
"id": "CNVD-2003-0418"
},
{
"db": "BID",
"id": "6807"
},
{
"db": "VULHUB",
"id": "VHN-8252"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-8252",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8252"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-1427",
"trust": 2.3
},
{
"db": "BID",
"id": "6807",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200312-129",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2003-0418",
"trust": 0.6
},
{
"db": "XF",
"id": "114",
"trust": 0.6
},
{
"db": "XF",
"id": "11279",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030209 BUG IN NETGEAR FM114P WIRELESS ROUTER FIRMWARE",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "4370",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-76046",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22236",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-8252",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-0418"
},
{
"db": "VULHUB",
"id": "VHN-8252"
},
{
"db": "BID",
"id": "6807"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-129"
},
{
"db": "NVD",
"id": "CVE-2003-1427"
}
]
},
"id": "VAR-200312-0394",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8252"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:21:55.908000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8252"
},
{
"db": "NVD",
"id": "CVE-2003-1427"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6807"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/311160"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11279"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/11279"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/4370"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/product_view.asp?xrp=4\u0026yrp=12\u0026zrp=142"
},
{
"trust": 0.3,
"url": "/archive/1/311160"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8252"
},
{
"db": "BID",
"id": "6807"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-129"
},
{
"db": "NVD",
"id": "CVE-2003-1427"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2003-0418"
},
{
"db": "VULHUB",
"id": "VHN-8252"
},
{
"db": "BID",
"id": "6807"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-129"
},
{
"db": "NVD",
"id": "CVE-2003-1427"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-0418"
},
{
"date": "2003-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-8252"
},
{
"date": "2003-02-10T00:00:00",
"db": "BID",
"id": "6807"
},
{
"date": "2003-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-129"
},
{
"date": "2003-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2003-1427"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-0418"
},
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-8252"
},
{
"date": "2003-02-10T00:00:00",
"db": "BID",
"id": "6807"
},
{
"date": "2003-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-129"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2003-1427"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-129"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear FM114P Wireless Firewall File Disclosure Vulnerability",
"sources": [
{
"db": "BID",
"id": "6807"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-129"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-129"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…