CVE-2024-28339

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md	Exploit Third Party Advisory
https://www.netgear.com/about/security/	Vendor Advisory
https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md	Exploit Third Party Advisory
https://www.netgear.com/about/security/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:cbk40_firmware:2.5.0.28:*:*:*:*:*:*:*

cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:cbk43_firmware:2.5.0.28:*:*:*:*:*:*:*

cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:cbr40_firmware:2.5.0.28:*:*:*:*:*:*:*

cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-03-12 17:15

Updated : 2025-05-27 14:23

NVD link : CVE-2024-28339

Mitre link : CVE-2024-28339

CVE.ORG link : CVE-2024-28339

JSON object : View

Products Affected

netgear

cbk43
cbk40_firmware
cbk40
cbr40
cbr40_firmware
cbk43_firmware

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-28339", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-03-12T17:15:59.093", "references": [{"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.netgear.com/about/security/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.netgear.com/about/security/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required."}, {"lang": "es", "value": "Una fuga de informaci\u00f3n en el componente debuginfo.htm de Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28 y Netgear CBK43 2.5.0.28 permite a los atacantes obtener informaci\u00f3n confidencial sin necesidad de autenticaci\u00f3n."}], "lastModified": "2025-05-27T14:23:49.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:cbk40_firmware:2.5.0.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DCF9378-B518-4E68-BC62-3726408B4A26"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E526746E-1ED6-492E-B28C-A1CA8235D9FD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:cbk43_firmware:2.5.0.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E4ACC9A-4266-4319-AD6E-6CC4726BDB74"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "582259CB-2616-4A3F-A9B6-C44640C00B11"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:cbr40_firmware:2.5.0.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D5B11E3-9832-4E88-AEFF-75EF2ADE91B4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}