Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Netgear SPH200D Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in the Netgear SPH200D Skype phone, in firmware versions through 1.0.4.80. The flaw resides in the device's embedded web server: an authenticated attacker can send crafted GET requests containing traversal sequences to access arbitrary files outside the web root, exposing sensitive system files and configuration data.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive files and configuration data on the device.

Reproduction

The vulnerability can be reproduced by sending authenticated GET requests that include traversal sequences. A Metasploit framework module is available that automates the exploitation process. The module requires a list of sensitive files to be specified, along with valid login credentials for the device.
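
A detection check for the traversal requests described above, added here as an example and not taken from the advisory or from Netgear. It assumes Common Log Format lines from a proxy or capture in front of the device; the log format, the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: Common Log Format lines; the SPH200D's own logging is not described.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences (%252e) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_web_root(target):
    """Return True if the request path climbs above the web root once normalized."""
    path = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:       # more ".." than directories entered so far
                return True
        else:
            depth += 1
    return False

def flag_traversal(log_lines):
    """Return (client, target, status) for GET requests that escape the web root."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and m["method"] == "GET" and escapes_web_root(m["target"]):
            hits.append((line.split(" ", 1)[0], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Aug/2025:21:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - admin [01/Aug/2025:21:00:05 +0000] "GET /img/../index.html HTTP/1.1" 200 512',
    '192.0.2.44 - admin [01/Aug/2025:21:02:11 +0000] "GET /../../etc/example.conf HTTP/1.1" 200 1024',
    '192.0.2.44 - admin [01/Aug/2025:21:02:12 +0000] "GET /%2e%2e/%2e%2e/etc/example.conf HTTP/1.1" 200 1024',
    '192.0.2.44 - admin [01/Aug/2025:21:02:13 +0000] "GET /a/%252e%252e/%252e%252e/etc/example.conf HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, target, status in flag_traversal(SAMPLE_LOG):
        print(client, status, target)
```

A flagged request that returned status 200 deserves priority in triage, since it suggests the file was actually served.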

Added: Aug 1, 2025, 9:17 PM
Updated: Aug 1, 2025, 9:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.9
remediation: 0.0
relevance: 0.3
threat: 9.5
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.