CVE-2024-30569
published 2024-04-03

CVE-2024-30569: An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.

Priority: P3 (51) · Severity: high · CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 1.92% (77.4th percentile)
Affected

1 range
Vendor | Product | Version range | Fixed in
netgear | r6850_firmware | |

Detection & IOCs (extracted from sources)

path: /currentsetting.htm
other: Firmware=
other: LoginMethod=
other: Model=
  • Send an unauthenticated HTTP GET request to /currentsetting.htm; a vulnerable device returns HTTP 200 with body containing 'Firmware=', 'LoginMethod=', and 'Model=' strings simultaneously.
  • The vulnerable endpoint /currentsetting.htm requires no authentication; exposure can be confirmed by the absence of any login redirect or 401/403 response on direct access.
  • Use FOFA query 'app="NETGEAR" && "R6850"' to identify potentially vulnerable internet-facing Netgear R6850 devices for mass scanning.
  • The vulnerability is confirmed only against Netgear R6850 firmware version V1.1.0.88; other firmware versions are not confirmed affected.
  • The Nuclei template is marked 'verified: true' with max-request: 1, meaning a single GET to /currentsetting.htm is sufficient for detection, with no additional requests needed.