CVE-2024-28339
MEDIUMNetgear CBR40, CBK40, CBK43 2.5.0.28 - Unauthenticated Sensitive Information Exposure via debuginfo.htm
Title source: llmDescription
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md
Vendor Advisory
https://www.netgear.com/about/security/
Scores
CVSS v3
5.4
EPSS
0.0043
EPSS Percentile
34.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (3)
netgear/cbk40_firmware
2.5.0.28
netgear/cbk43_firmware
2.5.0.28
netgear/cbr40_firmware
2.5.0.28
Published
Mar 12, 2024
Tracked Since
Feb 18, 2026