CVE-2019-17224

MEDIUM Year: 2019
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html.

Related Vulnerabilities

CVE-2012-3337

MEDIUM
CVSS:5.3(Medium)

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" se...

CWE-222012

CVE-2013-2565

MEDIUM
CVSS:5.3(Medium)

A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.

CWE-222013

CVE-2014-125068

MEDIUM
CVSS:5.3(Medium)

A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patc...

CWE-222014

CVE-2014-3972

MEDIUM
CVSS:5.3(Medium)

Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors.

CWE-222014

CVE-2014-7174

MEDIUM
CVSS:5.3(Medium)

FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.

CWE-222014

CVE-2014-8676

MEDIUM
CVSS:5.3(Medium)

Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL pat...

CWE-222014