CVE-2024-1430 MEDIUM

CVE-2024-1430: Netgear R7000 Web Management Interface currentsetting.htm information disclosure

Vendor Netgear

Product R7000

Weakness CWE-200 · Info exposure

Published February 11, 2024

Last update August 25, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

February 11, 2024 CVE published

August 25, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-1430 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2024-1430: Netgear R7000 Web Management Interface currentsetting.htm information disclosure

01Description

02Disclosure timeline

03References

04Related CVE