Reporter Paul Kurczaba
`Multiple Vulnerabilities in Netgear FVS318 Router
The Netgear FVS318 is an easy to use, firewall/router designed for home users and small businesses. SecuriNews Research has found 2 vulnerabilities in the router.
2.4, possibly others
1) By using HEX encoded characters, it is possible to bypass the URL filter. For example, if the router administrator blocks the phrase ".exe"; a user can encode one or more characters in the URL phrase to bypass the filter. If we encode the 'x' in ".exe", the new phrase ".e%78e" will bypass the filter.
Proof of Concept:
1) Example above.
January 14, 2005