CVE-2024-28339

CWE-200 — Information Exposure3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 75.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Cbk40 Firmware Netgear Cbk43 Firmware Netgear Cbr40 Firmware

Timeline

PublishedMar 12

Description

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

▶NVDnetgear/cbk40_firmware2.5.0.28

▶NVDnetgear/cbk43_firmware2.5.0.28

▶NVDnetgear/cbr40_firmware2.5.0.28

🔴Vulnerability Details

GHSA

GHSA-vrcc-m4x7-8j47: An information leak in the debuginfo↗2024-03-12

▶

CVEList

CVE-2024-28339: An information leak in the debuginfo↗2024-03-12

▶