CVE-2013-10063
published 2025-08-01CVE-2013-10063: A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can…
PriorityP347medium6.9CVSS 4.0
AVNACLATNPRHUINVCHVINVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.85%
53.7th percentile
A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | sph200d | <= 1.0.4.80 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for HTTP GET requests containing directory traversal sequences (e.g., '../') targeting the Netgear SPH200D embedded web server ↗
- →A Metasploit auxiliary scanner module exists for this vulnerability and may be used in active exploitation attempts: modules/auxiliary/scanner/http/netgear_sph200d_traversal.rb ↗
- ·Exploitation requires prior authentication to the device's embedded web server ↗
- ·Vulnerability is confirmed only in Netgear SPH200D firmware versions 1.0.4.80 and below ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rbhttps://web.archive.org/web/20130207034706/http://www.s3cur1ty.de/m1adv2013-002https://www.exploit-db.com/exploits/24441https://www.vulncheck.com/advisories/netgear-sph200d-path-traversal-via-http-gethttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/netgear_sph200d_traversal.rbhttps://web.archive.org/web/20130207034706/http://www.s3cur1ty.de/m1adv2013-002https://www.exploit-db.com/exploits/24441
2025-08-01
Published