CVE-2024-28340

HIGH

Netgear CBR40, CBK40, CBK43 2.5.0.28 - Unauthenticated Sensitive Information Exposure via currentsetting.htm

Title source: llm

Description

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88currentsetting.htm%EF%BC%89.md

View Exploit ZIP pw:eip

Vendor Advisory

https://www.netgear.com/about/security/

Scores

CVSS v3 7.5

EPSS 0.0063

EPSS Percentile 45.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (3)

netgear/cbk40_firmware 2.5.0.28

netgear/cbk43_firmware 2.5.0.28

netgear/cbr40_firmware 2.5.0.28

Published Mar 12, 2024

Tracked Since Feb 18, 2026