High severity7.5NVD Advisory· Published Jul 19, 2017· Updated May 13, 2026

CVE-2017-11456

Description

Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.

Affected products

Geneko/Gwr202 Gprs Router Firmware
cpe:2.3:o:geneko:gwr202_gprs_router_firmware:-:*:*:*:*:*:*:*
Geneko/Gwr252 Edge Router Firmware
cpe:2.3:o:geneko:gwr252_edge_router_firmware:-:*:*:*:*:*:*:*
Geneko/Gwr352 3g Router Firmware
cpe:2.3:o:geneko:gwr352_3g_router_firmware:-:*:*:*:*:*:*:*
Geneko/Gwr352wv Wide Voltage 3g Router Firmware
cpe:2.3:o:geneko:gwr352wv_wide_voltage_3g_router_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blogs.securiteam.com/index.php/archives/3317nvdExploitTechnical Description

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000