VAR-201301-0497
Vulnerability from variot - Updated: 2022-05-17 01:43The Netgear SPH200D is a dual mode cordless Skype phone. There are multiple input validation vulnerabilities in the Netgear SPH200D. Allows an attacker to exploit vulnerabilities for directory traversal and cross-site scripting attacks to obtain sensitive information or hijack user sessions. Exploiting these issues will allow an attacker to steal cookie-based authentication information, execute arbitrary scripts in the context of the browser, bypass security restrictions, perform unauthorized actions, and gain access to the local files and sensitive information. Information harvested may aid in launching further attacks. Netgear SPH200D Firmware 1.0.4.80 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201301-0497",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sph200d version",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "1.0.4.80"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00700"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "m-1-k-3",
"sources": [
{
"db": "BID",
"id": "57660"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-619"
}
],
"trust": 0.9
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Netgear SPH200D is a dual mode cordless Skype phone. There are multiple input validation vulnerabilities in the Netgear SPH200D. Allows an attacker to exploit vulnerabilities for directory traversal and cross-site scripting attacks to obtain sensitive information or hijack user sessions. \nExploiting these issues will allow an attacker to steal cookie-based authentication information, execute arbitrary scripts in the context of the browser, bypass security restrictions, perform unauthorized actions, and gain access to the local files and sensitive information. Information harvested may aid in launching further attacks. \nNetgear SPH200D Firmware 1.0.4.80 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00700"
},
{
"db": "BID",
"id": "57660"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "57660",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-00700",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201301-619",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00700"
},
{
"db": "BID",
"id": "57660"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-619"
}
]
},
"id": "VAR-201301-0497",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00700"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00700"
}
]
},
"last_update_date": "2022-05-17T01:43:25.993000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.s3cur1ty.de/node/666"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/57660"
},
{
"trust": 0.3,
"url": "http://support.netgear.com/product/sph200d"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00700"
},
{
"db": "BID",
"id": "57660"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-619"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-00700"
},
{
"db": "BID",
"id": "57660"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-619"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00700"
},
{
"date": "2013-01-31T00:00:00",
"db": "BID",
"id": "57660"
},
{
"date": "2013-01-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-619"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00700"
},
{
"date": "2013-01-31T00:00:00",
"db": "BID",
"id": "57660"
},
{
"date": "2013-02-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-619"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-619"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear SPH200D Multiple Security Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "57660"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-619"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "57660"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…