CVE-2013-10063 MEDIUM

CVE-2013-10063: Netgear SPH200D <= 1.0.4.80 Path Traversal via HTTP GET

Vendor Netgear
Product SPH200D
Weakness CWE-22 · Path traversal
Published August 1, 2025
Last update May 15, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data.

Key dates

02Disclosure timeline

August 1, 2025 CVE published
May 15, 2026 Record updated

Related vulnerabilities

04Related CVE