NETGEAR is aware of the path traversal attack vulnerability (also known as directory traversal, dot-dot-slash, directory climbing, and backtracking) that an attacker can use to access every file and directory on a system that is stored outside the web root folder.
This software vulnerability affects the following NETGEAR products:
- FVS336Gv3
- FVS318N
- FVS318Gv2
- SRX5308
NETGEAR strongly recommends that you upgrade to the latest firmware, version 4.3.3-8, which eliminates the path traversal attack security vulnerability. To install firmware v4.3.3-8, click the link to your product support page and follow the Installation Instructions:
The potential for the path traversal attack vulnerability remains if you do not update the firmware as recommended in this notification. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.
NETGEAR emails firmware updates to all registered users as firmware becomes available. To register your product, visit https://my.netgear.com/register/.
NETGEAR will update this KB article as more information becomes available.
We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being proactive rather than reactive to emerging security issues is fundamental for product support at NETGEAR.
It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those who use NETGEAR products for their connectivity.
To report a security vulnerability, visit https://bugcrowd.com/netgear.
If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR customer support at techsupport.security@netgear.com.
For all other issues, visit https://www.netgear.com/about/security/.
The security@netgear.com email address is no longer accepting messages and is no longer actively monitored.
Last Updated: 01/05/2025 | Article ID: 30739