Vulnerability in Netgear R7000 Could Lead to Information Disclosure

CVE-2024-1430

6.5MEDIUM

Key Information

Vendor: Netgear
Status: R7000
Vendor: CVE Published:; 11 February 2024

Summary

A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Version(s)

R7000 = 1.0.11.136_10.2.120

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 6.5 to: 4.3 - (MEDIUM)
Aug 25, 2024
Risk change from: 6.5 to: 4.3 - (MEDIUM)
Aug 25, 2024
VulDB entry last update
Mar 3, 2024
Vulnerability published.
Feb 11, 2024
Vulnerability Reserved.
Feb 10, 2024
VulDB entry created
Feb 10, 2024
Advisory disclosed
Feb 10, 2024
CVE reserved
Feb 10, 2024

Collectors

NVD DatabaseMitre Database

Credit

leetsun (VulDB User)