CVE-2024-1430Sensitive Information Exposure in Netgear R7000

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 85.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Netgear R7000Netgear R7000 Firmware
Timeline
PublishedFeb 11
Latest updateMay 19

Description

A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5netgear/r70001.0.11.136_10.2.120
NVDnetgear/r7000_firmware1.0.11.136_10.2.120

🔴Vulnerability Details

2
GHSA
GHSA-72gx-q2mw-8j2q: A vulnerability has been found in Netgear R7000 12024-02-11
CVEList
Netgear R7000 Web Management Interface currentsetting.htm information disclosure2024-02-11

📋Vendor Advisories

1
Red Hat
kernel: mptcp: prevent BPF accessing lowat from a subflow socket.2024-05-19
CVE-2024-1430 — Sensitive Information Exposure | cvebase