← Back

CVE-2024-28340

nvd nist
Published: Mar 12, 2024Modified: May 27, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

Affected (3)

Netgear
3 products
Cbk40 Firmware
Cbk43 Firmware
Cbr40 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cbk40 Firmware
Version 2.5.0.28
Running on/withPlatform Versions
Netgear
Cbk40
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cbk43 Firmware
Version 2.5.0.28
Running on/withPlatform Versions
Netgear
Cbk43
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cbr40 Firmware
Version 2.5.0.28
Running on/withPlatform Versions
Netgear
Cbr40
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.