CVE-2016-10106
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
03/01/2017
Last modified:
12/04/2025
Description
Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:netgear:fvs336gv3_firmware:*:*:*:*:*:*:*:* | 4.3-3.6 (including) | |
| cpe:2.3:h:netgear:fvs336gv3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:srx5308_firmware:*:*:*:*:*:*:*:* | 4.3-3.6 (including) | |
| cpe:2.3:h:netgear:srx5308:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:fvs318gv2_firmware:*:*:*:*:*:*:*:* | 4.3-3.6 (including) | |
| cpe:2.3:h:netgear:fvs318gv2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netgear:fvs318n_firmware:*:*:*:*:*:*:*:* | 4.3-3.6 (including) | |
| cpe:2.3:h:netgear:fvs318n:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://kb.netgear.com/30739/Path-Traversal-Attack-Security-Vulnerability
- http://www.securityfocus.com/bid/95204
- http://www.securitytracker.com/id/1037548
- https://twitter.com/mantislesin/status/816618162770821120
- http://kb.netgear.com/30739/Path-Traversal-Attack-Security-Vulnerability
- http://www.securityfocus.com/bid/95204
- http://www.securitytracker.com/id/1037548
- https://twitter.com/mantislesin/status/816618162770821120