PT-2024-2618 · NetGear · Netgear Cbr40+1

Published: 2024-03-12 · Updated: 2025-05-27 · CVE-2024-28340

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Netgear CBR40 version 2.5.0.28
Netgear CBK40 version 2.5.0.28
Netgear CBK43 version 2.5.0.28

Description

The issue is an information leak in the currentsetting.htm component, which allows attackers to obtain sensitive information without authentication. It is caused by inadequate access control in the web interface of the affected Netgear routers. Exploitation of this issue may allow a remote attacker to disclose protected information or cause a denial of service.

Recommendations

For Netgear CBR40 version 2.5.0.28, consider disabling access to the currentsetting.htm component until a patch is available.
For Netgear CBK40 version 2.5.0.28, restrict access to the currentsetting.htm component to minimize the risk of exploitation.
For Netgear CBK43 version 2.5.0.28, avoid using the currentsetting.htm component until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-02685
CVE-2024-28340

Affected Products

Netgear Cbr40
Netgear Cbk43