Information Disclosure in Netgear WN604 Web Interface
CVE-2024-6646

Currently unrated

Key Information:

Vendor
Netgear
Status
WN604
Vendor
CVE Published:
10 July 2024

Summary

A vulnerability exists in the Netgear WN604 wireless access point up to version 20240710, specifically affecting the /downloadFile.php component of the Web Interface. This flaw allows attackers to manipulate the 'file' argument, leading to unauthorized information disclosure. The potential for remote exploitation underscores the need for urgent attention, as the details of the exploit have been made public. Users and administrators of WN604 should ensure that their devices are updated to mitigate this risk.

References

https://vuldb.com/?id.271052
https://vuldb.com/?ctiid.271052
https://vuldb.com/?submit.367382

EPSS Score

82% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

.