CVE-2024-28340

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88currentsetting.htm%EF%BC%89.md	Exploit Third Party Advisory
https://www.netgear.com/about/security/	Vendor Advisory
https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88currentsetting.htm%EF%BC%89.md	Exploit Third Party Advisory
https://www.netgear.com/about/security/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:cbk40_firmware:2.5.0.28:*:*:*:*:*:*:*

cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:cbk43_firmware:2.5.0.28:*:*:*:*:*:*:*

cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:cbr40_firmware:2.5.0.28:*:*:*:*:*:*:*

cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-03-12 17:15

Updated : 2025-05-27 14:23

NVD link : CVE-2024-28340

Mitre link : CVE-2024-28340

CVE.ORG link : CVE-2024-28340

JSON object : View

Products Affected

netgear

cbk43
cbk40_firmware
cbk40
cbr40
cbr40_firmware
cbk43_firmware

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-28340", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-03-12T17:15:59.140", "references": [{"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88currentsetting.htm%EF%BC%89.md", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.netgear.com/about/security/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88currentsetting.htm%EF%BC%89.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.netgear.com/about/security/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required."}, {"lang": "es", "value": "Una fuga de informaci\u00f3n en el componente currentsetting.htm de Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28 y Netgear CBK43 2.5.0.28 permite a los atacantes obtener informaci\u00f3n confidencial sin necesidad de autenticaci\u00f3n."}], "lastModified": "2025-05-27T14:23:12.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:cbk40_firmware:2.5.0.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DCF9378-B518-4E68-BC62-3726408B4A26"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:cbk40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E526746E-1ED6-492E-B28C-A1CA8235D9FD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:cbk43_firmware:2.5.0.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E4ACC9A-4266-4319-AD6E-6CC4726BDB74"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:cbk43:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "582259CB-2616-4A3F-A9B6-C44640C00B11"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:cbr40_firmware:2.5.0.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D5B11E3-9832-4E88-AEFF-75EF2ADE91B4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE0F7E9E-196C-4106-B1C9-C16FA5910A0F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}