CVE-2024-6646
published 2024-07-10


Priority: P3 · 52 · medium
CVSS 3.1 base score: 5.3 (AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N)
Exploit: publicly disclosed
EPSS: 45.96% (98.7th percentile)
A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1 range)

Vendor    Product   Version range   Fixed in
netgear   wn604     (none listed)   (none listed)

Detection & IOCs (extracted from sources)

URL: /downloadFile.php?file=config
Path: /downloadFile.php
  • Detect exploitation attempts by monitoring GET requests to /downloadFile.php with the query parameter file=config on Netgear WN604 devices.
  • Confirm successful exploitation by checking HTTP 200 responses with Content-Type 'application/force-download' and body containing both 'system:basicSettings' and 'system:staSettings'.
  • Use FOFA query 'title=="Netgear"' to identify potentially exposed Netgear WN604 devices on the internet.
  • The vulnerability is unauthenticated: no credentials are required to exploit /downloadFile.php?file=config, allowing any remote attacker to download the router configuration file containing administrator credentials.
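The two detection bullets above (request indicator in access logs, success markers in the response) can be turned into a small log-review script. The following is an added example written for this page, not code from the CVE record, the vendor or any of the cited sources; the access-log lines and the HTTP response it checks are constructed sample data, and the percent-encoded variant and case-insensitive path comparison are detection choices made here, not indicators the page lists.

```python
"""Detection helper for CVE-2024-6646 (Netgear WN604 /downloadFile.php).

Added example, not part of the CVE record or any vendor tooling. It scans
web-server access-log lines in Common/Combined Log Format for requests that
match the indicator on this page (GET /downloadFile.php with file=config)
and separately applies the page's success criteria to a captured response.
All sample data below is constructed.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2024:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jul/2024:12:00:03 +0000] "GET /downloadFile.php?file=config HTTP/1.1" 200 2210 "-" "curl/8.4.0"
198.51.100.7 - - [10/Jul/2024:12:00:09 +0000] "GET /downloadFile.php?file=%63onfig HTTP/1.1" 200 2210 "-" "python-requests/2.31"
198.51.100.9 - - [10/Jul/2024:12:01:00 +0000] "GET /downloadFile.php?file=logo.png HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.4 - - [10/Jul/2024:12:01:30 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Minimal Common/Combined Log Format parser: client IP, timestamp,
# request line (method + target) and status code are all we need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def is_config_download_request(method, target):
    """True when the request is GET /downloadFile.php with file=config.

    parse_qs URL-decodes the query, so percent-encoded spellings of the
    parameter value still match; the path is compared case-insensitively
    (a detection choice made here, broader than the page's literal IOC).
    """
    parts = urlsplit(target)
    if method != "GET" or unquote(parts.path).lower() != "/downloadfile.php":
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(v.strip().lower() == "config" for v in params.get("file", []))


def scan_access_log(text):
    """Return one record per matching request: source IP, timestamp, status,
    and whether the server answered 200 (the 'confirm' condition above)."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_config_download_request(m["method"], m["target"]):
            hits.append({
                "ip": m["ip"],
                "timestamp": m["ts"],
                "status": int(m["status"]),
                "likely_success": m["status"] == "200",
            })
    return hits


# Body markers named in the Detection & IOCs bullets above.
RESPONSE_MARKERS = ("system:basicSettings", "system:staSettings")


def response_indicates_disclosure(status, headers, body):
    """Apply the page's success criteria to a captured HTTP response:
    HTTP 200, Content-Type application/force-download, both markers in body."""
    lowered = {k.lower(): v for k, v in headers.items()}
    ctype = lowered.get("content-type", "").split(";")[0].strip().lower()
    return (status == 200
            and ctype == "application/force-download"
            and all(marker in body for marker in RESPONSE_MARKERS))


# Constructed sample response (not a real device capture).
SAMPLE_RESPONSE = (
    200,
    {"Content-Type": "application/force-download"},
    "system:basicSettings ...\nsystem:staSettings ...\n",
)

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
    print("disclosure confirmed:", response_indicates_disclosure(*SAMPLE_RESPONSE))
```

Run against a real access log by replacing SAMPLE_LOG with the file contents; the response check is meant for a proxy or packet capture where the full reply is available, since the access log alone only shows the 200 status and byte count.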

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.1      5.3     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd      v4.0      6.9     MEDIUM     CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd      v2.0      5.0     MEDIUM     AV:N/AC:L/Au:N/C:P/I:N/A:N