An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
27 May 2025, 14:23
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netgear cbr40 Firmware
Netgear Netgear cbk43 Netgear cbk40 Firmware Netgear cbk43 Firmware Netgear cbr40 Netgear cbk40 |
|
References | () https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88currentsetting.htm%EF%BC%89.md - Exploit, Third Party Advisory | |
References | () https://www.netgear.com/about/security/ - Vendor Advisory | |
CPE | cpe:2.3:o:netgear:cbk43_firmware:2.5.0.28:*:*:*:*:*:*:* cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:cbk40_firmware:2.5.0.28:*:*:*:*:*:*:* cpe:2.3:o:netgear:cbr40_firmware:2.5.0.28:*:*:*:*:*:*:* cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:* |
21 Nov 2024, 09:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88currentsetting.htm%EF%BC%89.md - | |
References | () https://www.netgear.com/about/security/ - |
21 Aug 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-200 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
12 Mar 2024, 17:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-12 17:15
Updated : 2025-05-27 14:23
NVD link : CVE-2024-28340
Mitre link : CVE-2024-28340
CVE.ORG link : CVE-2024-28340
JSON object : View
Products Affected
netgear
- cbk43_firmware
- cbr40
- cbk40
- cbk43
- cbr40_firmware
- cbk40_firmware
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor