CVE-2009-1730

Severity CVSS v4.0:

Pending analysis

Type:

CWE-22 Path Traversal

Publication date:

20/05/2009

Last modified:

09/04/2025

Description

Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 10.00 HIGH
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

10.00

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:netmechanica:netdecision_tftp_server:4.2:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://secunia.com/advisories/35131
http://www.princeofnigeria.org/blogs/index.php/2009/05/17/netdecision-tftp-server-4-2-tftp-directo?blog=1
http://www.securityfocus.com/bid/35002
https://exchange.xforce.ibmcloud.com/vulnerabilities/50574
http://secunia.com/advisories/35131
http://www.princeofnigeria.org/blogs/index.php/2009/05/17/netdecision-tftp-server-4-2-tftp-directo?blog=1
http://www.securityfocus.com/bid/35002
https://exchange.xforce.ibmcloud.com/vulnerabilities/50574