Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mrtg | multi_router_traffic_grapher_cgi | 2.9.17 |
14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine the physical path to the web root directory via a request with an invalid cfg parameter, which generates an error message that reveals the path.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mrtg | mrtgconfig | 0.5.9 |