Belkin Router N150 1.00.08, 1.00.09 - Path Traversal Vulnerability

ID EDB-ID:38488
Type exploitdb
Reporter Rahul Pratap Singh
Modified 2015-10-19T00:00:00


Belkin Router N150 1.00.08, 1.00.09 - Path Traversal Vulnerability. CVE-2014-2962. Webapps exploit for hardware platform

# Title: Path Traversal Vulnerability
# Product: Belkin Router N150
# Author: Rahul Pratap Singh
# Website:
# Contact:
   Twitter: @0x62626262
# Vendor Homepage:
# Firmware Tested: 1.00.08, 1.00.09
# CVE: 2014-2962

Belkin N150 wireless router firmware versions 1.00.07 and earlier contain a
path traversal vulnerability through the built-in web interface. The
webproc CGI module accepts a getpage parameter which takes an unrestricted
file path as input. The web server runs with root privileges by default,
allowing a malicious attacker to read any file on the system.

Belkin released a patch, but the patched firmware is still vulnerable.

#root:x:0:0:root:/root:/bin/bash
root:x:0:0:root:/root:/bin/sh
#tw:x:504:504::/home/tw:/bin/bash
#tw:x:504:504::/home/tw:/bin/msh
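
The missing check behind the flaw described above, sketched as an added example (not code from the advisory or from Belkin's firmware): a page handler should canonicalise the getpage value and refuse anything that does not resolve to a regular file under its template directory. The names resolve_getpage and web_root are hypothetical; the firmware's real handler and directory layout are not shown on this page.

```c
#define _XOPEN_SOURCE 700 /* realpath() under strict -std=c99/c11 */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/*
 * Map a getpage value to a canonical file that must live under web_root.
 * Returns 0 and fills out (PATH_MAX bytes) on success, -1 on rejection.
 */
int resolve_getpage(const char *web_root, const char *getpage, char *out)
{
    char root[PATH_MAX], joined[PATH_MAX];
    struct stat st;
    size_t root_len;
    int n;

    if (getpage == NULL || getpage[0] == '\0')
        return -1;
    /* Canonicalise the root too, so a symlinked root compares correctly. */
    if (realpath(web_root, root) == NULL)
        return -1;
    /* Always join under the root: an absolute value never replaces it. */
    n = snprintf(joined, sizeof joined, "%s/%s", root, getpage);
    if (n < 0 || (size_t)n >= sizeof joined)
        return -1;
    /* realpath() resolves "..", "." and symlinks; missing files fail here. */
    if (realpath(joined, out) == NULL)
        return -1;
    /* Result must be root + '/' + name; a root of "/" is refused by design. */
    root_len = strlen(root);
    if (strncmp(out, root, root_len) != 0 || out[root_len] != '/')
        return -1;
    /* Serve regular files only, never directories or device nodes. */
    if (stat(out, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    char page[PATH_MAX];
    /* Usage: ./getpage <web_root> <getpage value> */
    if (argc != 3 || resolve_getpage(argv[1], argv[2], page) != 0) {
        puts("rejected");
        return 1;
    }
    printf("serve %s\n", page);
    return 0;
}
```

Because the advisory notes that the web server runs as root, running the CGI under an unprivileged account would also limit what any remaining bypass of such a check could read.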