cbcvebase.
CVE-2014-2962
published 2014-06-19


Priority: P2 63, high, 7.8 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
EXPLOIT
EPSS: 47.09% (98.7th percentile)
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.

Affected

3 ranges

Vendor | Product               | Version range | Fixed in
belkin | n150_f9k1009          |               |
belkin | n150_f9k1009_firmware | <= 1.00.07    |
belkin | n150_f9k1009_firmware |               |

Detection & IOCs (extracted from sources)

url: /cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo
path: /cgi-bin/webproc
  • Detect GET requests to /cgi-bin/webproc with a 'getpage' parameter containing an absolute file path (e.g., /etc/passwd). The parameter accepts unrestricted file paths, enabling arbitrary file read.
  • A successful exploit response will contain Unix passwd file content matching 'root:.*:0:0:' with HTTP 200 status. The web server runs as root, so any file on the system is readable.
  • Patched firmware versions 1.00.08 and 1.00.09 remain vulnerable — do not rely solely on firmware version checks for detection or remediation.
  • The vulnerability affects Belkin N150 F9K1009 v1 firmware versions 1.00.07 and earlier per the advisory, but the PoC confirms exploitation also succeeds on patched versions 1.00.08 and 1.00.09.
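
The detection points above can be applied to captured HTTP traffic; the following is an added example, not part of the original entry or any vendor tooling. It assumes requests to the router are visible in a common/combined-format access log from a proxy or sensor in front of the device; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

WEBPROC_PATH = "/cgi-bin/webproc"          # path listed in this entry
PASSWD_RE = re.compile(r"root:.*:0:0:")    # response pattern listed in this entry
# Client, request line and status of a common/combined log entry (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def getpage_absolute_path(target):
    """Return the absolute path passed in getpage for a webproc request, else None."""
    parts = urlsplit(target)
    if parts.path != WEBPROC_PATH:
        return None
    # parse_qsl percent-decodes values, so %2Fetc%2Fpasswd is seen as /etc/passwd.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "getpage" and value.startswith("/"):
            return value
    return None

def scan_access_log(lines):
    """Return (client, requested_file, status) for each matching GET request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        requested = getpage_absolute_path(m["target"])
        if requested is not None:
            hits.append((m["client"], requested, int(m["status"])))
    return hits

def response_confirms_read(status, body):
    """True when an HTTP 200 response body contains passwd-style content."""
    return status == 200 and PASSWD_RE.search(body) is not None

# Constructed sample lines (documentation IP ranges); the relative getpage value is assumed benign.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/webproc?getpage=html/index.html&var:page=deviceinfo HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo HTTP/1.1" 200 412',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /cgi-bin/webproc?getpage=%2Fetc%2Fpasswd&var:page=deviceinfo HTTP/1.1" 200 412',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html?getpage=/etc/passwd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Because the entry reports that firmware 1.00.08 and 1.00.09 remain vulnerable, a request-level check like this applies regardless of the firmware version the device reports.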