Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-28339

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-12 Mar, 2024 | 00:00
Updated At-28 Aug, 2024 | 13:46
Rejected At-
Credits

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:12 Mar, 2024 | 00:00
Updated At:28 Aug, 2024 | 13:46
Rejected At:
▼CVE Numbering Authority (CNA)

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.netgear.com/about/security/
N/A
https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md
N/A
Hyperlink: https://www.netgear.com/about/security/
Resource: N/A
Hyperlink: https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.netgear.com/about/security/
x_transferred
https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md
x_transferred
Hyperlink: https://www.netgear.com/about/security/
Resource:
x_transferred
Hyperlink: https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
NETGEAR, Inc.netgear
Product
cbr40_firmware
CPEs
  • cpe:2.3:o:netgear:cbr40_firmware:2.5.0.28:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2.5.0.28
Vendor
NETGEAR, Inc.netgear
Product
cbk40_firmware
CPEs
  • cpe:2.3:o:netgear:cbk40_firmware:2.5.0.28:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2.5.0.28
Vendor
NETGEAR, Inc.netgear
Product
cbk43_firmware
CPEs
  • cpe:2.3:o:netgear:cbk43_firmware:2.5.0.28:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2.5.0.28
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:12 Mar, 2024 | 17:15
Updated At:27 May, 2025 | 14:23

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CPE Matches
NETGEAR, Inc.
netgear
>>cbk40_firmware>>2.5.0.28
cpe:2.3:o:netgear:cbk40_firmware:2.5.0.28:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>cbk40>>-
cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>cbk43_firmware>>2.5.0.28
cpe:2.3:o:netgear:cbk43_firmware:2.5.0.28:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>cbk43>>-
cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>cbr40_firmware>>2.5.0.28
cpe:2.3:o:netgear:cbr40_firmware:2.5.0.28:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>cbr40>>-
cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-200
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.mdcve@mitre.org
Exploit
Third Party Advisory
https://www.netgear.com/about/security/cve@mitre.org
Vendor Advisory
https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.mdaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.netgear.com/about/security/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.netgear.com/about/security/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.netgear.com/about/security/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

58Records found
CVE-2017-18769
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.06% / 19.73%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:54
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX6200v2 before 1.0.1.50, EX7000 before 1.0.0.56, JR6150 before 1.0.1.18, R6050 before 1.0.1.10J, R6100 before 1.0.1.16, R6150 before 1.0.1.10, R6220 before 1.1.0.50, R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.26, R6700v2 before 1.2.0.4, R6800 before 1.0.1.10, R6900 before 1.0.1.26, R6900P before 1.0.0.58, R6900v2 before 1.2.0.4, R7000 before 1.0.9.6, R7000P before 1.0.0.58, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.40, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR3500Lv2 before 1.2.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndr3700r6150r6220_firmwarer6400_firmwareex6200r7100lgwndr4300_firmwarer6900p_firmwared6220r7500_firmwarer7100lg_firmwarer8300r8500_firmwarer6050r7000_firmwarer6220wndr4500d6220_firmwarer6300_firmwared8500_firmwaredgn2200b_firmwared7000r9000_firmwared8500dgn2200br6700wndr3700_firmwarer7000wnr3500l_firmwareex6200_firmwared6400r7500r9000r6900_firmwarer7800r7900_firmwarejr6150_firmwareex7000_firmwarer7800_firmwarer6700_firmwarer6800_firmwarer6150_firmwarer8000_firmwarer6250r7300r7300_firmwarer8000ex7000d7800r6100_firmwarer6900pr7900wndr3400r6800dgn2200d6400_firmwarer6100r6250_firmwarer7000p_firmwared7800_firmwarer8500wndr3400_firmwared7000_firmwarer8300_firmwarewndr4500_firmwarer6900r7000pwnr3500ldgn2200_firmwarer6050_firmwarejr6150r6300wndr4300r6400n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18853
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.41% / 60.53%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 13:10
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000 1.0.7.10 and earlier, R7000P 1.0.0.58 and earlier, R7100LG 1.0.0.28 and earlier, R7300DST 1.0.0.52 and earlier, R7900 1.0.1.12 and earlier, R8000 1.0.3.46 and earlier, R8300 1.0.2.86 and earlier, R8500 1.0.2.86 and earlier, WNDR3400v3 1.0.1.8 and earlier, and WNDR4500v2 1.0.0.62 and earlier.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer7100lgr7900wndr3400r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwaredgn2200r7000_firmwarewndr4500r7300dstr6300_firmwared8500_firmwarer7000p_firmwarer8500d8500wndr3400_firmwarer6700r8300_firmwarer7000wndr4500_firmwarer6900r7000pdgn2200_firmwarer6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer8000_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18713
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.36%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:34
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwarer6700wndr4500_firmwared7800r6900r9000r7500wndr4300_firmwarer7500_firmwarer6900_firmwarer7800wndr4500wndr4300r7800_firmwarer6700_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18790
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 19.73%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 18:51
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500_firmwarer7100lg_firmwarer8500r7900_firmwarer7000_firmwarer7100lgr6700r8000r7000r6700_firmwarer7900r8000_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18710
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.37%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:47
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8300_firmwarer8300r8500_firmwarer8500n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-6646
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-93.13% / 99.78%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 17:31
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear WN604 Web Interface downloadFile.php information disclosure

A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-WN604wn604
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4775
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-11.58% / 93.37%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-prosafe_gs510tpprosafe_gs724tprosafe_gs725tsprosafe_gs752txsprosafe_firmwareprosafe_gs728tpsprosafe_gs728txsprosafe_gs752tpsprosafe_s716tprosafe_gs728tsprosafe_gs748tn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-30570
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-15.79% / 94.47%
||
7 Day CHG+6.65%
Published-03 Apr, 2024 | 00:00
Updated-04 Apr, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6850_firmwarer6850n/ar6850_firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • Next
Details not found