CVE-2014-2962
Published 2014-06-19
Priority P2 63 · high · 7.8 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
EXPLOIT
EPSS: 47.09% (98.7th percentile)
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belkin | n150_f9k1009 | — | — |
| belkin | n150_f9k1009_firmware | <= 1.00.07 | — |
| belkin | n150_f9k1009_firmware | — | — |
Detection & IOCs (extracted from sources)
- Detect GET requests to /cgi-bin/webproc with a 'getpage' parameter containing an absolute file path (e.g., /etc/passwd). The parameter accepts unrestricted file paths, enabling arbitrary file read.
- A successful exploit response will contain Unix passwd file content matching 'root:.*:0:0:' with HTTP 200 status. The web server runs as root, so any file on the system is readable.
- Patched firmware versions 1.00.08 and 1.00.09 remain vulnerable; do not rely solely on firmware version checks for detection or remediation.
- The vulnerability affects Belkin N150 F9K1009 v1 firmware versions 1.00.07 and earlier per the advisory, but the PoC confirms exploitation also succeeds on patched versions 1.00.08 and 1.00.09.
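The two indicators above translate directly into a log check. The scanner below is an added example, not taken from the advisory, the Exploit-DB entry or the Nuclei template; it goes slightly beyond the text by also catching the percent-encoded form of the path. Assumptions: requests are logged in common/combined access-log format by a proxy or sensor in front of the device, legitimate `getpage` values are relative page names, and all function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a common/combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Response signature quoted on this page for a successful read of the passwd file.
PASSWD_RE = re.compile(r"root:.*:0:0:")


def is_absolute_getpage(target):
    """True if target is /cgi-bin/webproc with a getpage value that is an absolute path."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != "/cgi-bin/webproc":
        return False
    # parse_qs percent-decodes once, so getpage=%2Fetc%2Fpasswd is caught as well.
    values = parse_qs(parts.query, keep_blank_values=True).get("getpage", [])
    return any(v.strip().startswith("/") for v in values)


def scan_access_log(lines):
    """Return (line_number, status, target) for every suspicious GET request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and match["method"] == "GET" and is_absolute_getpage(match["target"]):
            hits.append((number, int(match["status"]), match["target"]))
    return hits


def response_confirms_read(status, body):
    """True if a 200 response carries passwd-style content, per the page's indicator."""
    return status == 200 and PASSWD_RE.search(body) is not None


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Oct/2015:10:00:01 +0000] "GET /cgi-bin/webproc?getpage=html/index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/Oct/2015:10:00:05 +0000] "GET /cgi-bin/webproc?getpage=/etc/passwd HTTP/1.1" 200 412',
    '198.51.100.7 - - [19/Oct/2015:10:00:09 +0000] "GET /cgi-bin/webproc?getpage=%2Fetc%2Fpasswd HTTP/1.1" 200 412',
    '192.0.2.10 - - [19/Oct/2015:10:00:12 +0000] "GET /index.html?getpage=/etc/passwd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Because the page reports that firmware 1.00.08 and 1.00.09 are still affected, a hit should be triaged regardless of the firmware version the device reports.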
No detection rules found.
Exploit-DB
Belkin N150 Router 1.00.08/1.00.09 - Directory Traversal
exploitdb·2015-10-19
---
# Title: Path Traversal Vulnerability
# Product: Belkin Router N150
# Author: Rahul Pratap Singh
# Website: https://0x62626262.wordpress.com
# Contact:
Linkedin: https://in.linkedin.com/in/rahulpratapsingh94
Twitter: @0x62626262
# Vendor Homepage: http://www.belkin.com
# Firmware Tested: 1.00.08, 1.00.09
# CVE: 2014-2962
Description:
Belkin N150 wireless router firmware versions 1.00.07 and earlier contain a
path traversal vulnerability through the built-in web interface. The
webproc cgi module accepts a getpage parameter which takes an unrestricted
file path as input. The web server runs with root privileges by default,
allowing a malicious attacker to read any file on the system.
A patch was released by Belkin but that is s
Nuclei
Belkin N150 Router 1.00.08/1.00.09 - Path Traversal
nuclei·CVSS 7.8
A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
Template:
```yaml
id: CVE-2014-2962
info:
  name: Belkin N150 Router 1.00.08/1.00.09 - Path Traversal
  author: daffainfo
  severity: high
  description: A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
  impact: |
    An attacker can exploit this vulnerability to view sensitive files, potentially leading to unauthorized access, data leakage, or further compromise of the system.
```
No writeups or analysis indexed.