Vulnerability Details CVE-2024-28340
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.4%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88currentsetting.htm%EF%BC%89.md
- https://www.netgear.com/about/security/
- https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88currentsetting.htm%EF%BC%89.md
- https://www.netgear.com/about/security/
Products affected by CVE-2024-28340
-
cpe:2.3:h:netgear:cbk40:-
-
cpe:2.3:h:netgear:cbk43:-
-
cpe:2.3:h:netgear:cbr40:-
-
cpe:2.3:o:netgear:cbk40_firmware:2.5.0.28
-
cpe:2.3:o:netgear:cbk43_firmware:2.5.0.28
-
cpe:2.3:o:netgear:cbr40_firmware:2.5.0.28