CVE-2017-11456

Published Jul 19, 2017

Last updated 7 years ago

Overview

Description: Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:geneko:gwr352_3g_router_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAEF2807-20CA-4C38-BBEA-A7C6DB3CAC07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:geneko:gwr352_3g_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "705B0D7C-5192-49AD-8C5F-BF091773A898"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:geneko:gwr352wv_wide_voltage_3g_router_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9343D32-F84D-4EBF-AE3F-756145F60C07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:geneko:gwr352wv_wide_voltage_3g_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DDBEF4A2-3466-4F58-A2AE-9517DF055F8D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:geneko:gwr252_edge_router_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF12B26C-5503-4BFD-B453-8806AE6F51BB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:geneko:gwr252_edge_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9ED2C10E-6E61-4705-9ADC-FFFEF938BDB0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:geneko:gwr202_gprs_router_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D01AB59E-A71A-47CC-B2A6-447677EFD47F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:geneko:gwr202_gprs_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "73FB4180-4378-4918-8B56-050E21B42C8A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References