Directory traversal

2017-07-2400:29:00

PRIOn knowledge base

www.prio-n.com

0.002 Low

EPSS

Percentile

55.7%

JSON

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI.

CPENameOperatorVersion
residential_gateway_firmwareeqddr2200bnaannexafccv0.0.3.45.4e
residential_gateway_firmwareeqddr2201v1naannexafccv0.0.3.28.3

CPE	Name	Operator	Version
	residential_gateway_firmware	eq	ddr2200bnaannexafccv0.0.3.45.4e
	residential_gateway_firmware	eq	ddr2201v1naannexafccv0.0.3.28.3

References

seclists.org/fulldisclosure/2017/Jul/26

www.securityfocus.com/bid/100484

0.002 Low

EPSS

Percentile

55.7%

JSON

Related for PRION:CVE-2017-11587