CVE-2025-4978 CRITICAL

CVE-2025-4978: Netgear DGND3700 Basic Authentication BRS_top.html improper authentication

Vendor Netgear
Product DGND3700
Weakness CWE-287 · Improper authentication
Published May 20, 2025
Last update May 20, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure.

Key dates

02Disclosure timeline

May 20, 2025 CVE published
May 20, 2025 Record updated