CVE-2025-4978Improper Authentication in Netgear Dgnd3700

CWE-287Improper Authentication3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
1.5%
top 19.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Netgear Dgnd3700Netgear Dgnd3700 Firmware
Timeline
PublishedMay 20

Description

A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5netgear/dgnd37001.1.00.15_1.00.15NA
NVDnetgear/dgnd3700_firmware1.1.00.15_1.00.15na

🔴Vulnerability Details

2
CVEList
Netgear DGND3700 Basic Authentication BRS_top.html improper authentication2025-05-20
GHSA
GHSA-x4gc-7rpm-6497: A vulnerability, which was classified as very critical, was found in Netgear DGND3700 12025-05-20
CVE-2025-4978 — Improper Authentication in Netgear | cvebase