CVE-2024-28340

CWE-200 — Information Exposure3 documents3 sources

Severity

7.5HIGH

EPSS

0.2%

top 52.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Cbk40 Firmware Netgear Cbk43 Firmware Netgear Cbr40 Firmware

Timeline

PublishedMar 12

Description

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDnetgear/cbk40_firmware2.5.0.28

▶NVDnetgear/cbk43_firmware2.5.0.28

▶NVDnetgear/cbr40_firmware2.5.0.28

🔴Vulnerability Details

CVEList

CVE-2024-28340: An information leak in the currentsetting↗2024-03-12

▶

GHSA

GHSA-h9c5-fmrg-fj53: An information leak in the currentsetting↗2024-03-12

▶