PT-2024-2619 · NetGear · Netgear Cbr40+1
Published: 2024-03-12 · Updated: 2025-05-27
CVE-2024-28339
CVSS v3.1: 5.4 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Netgear CBR40 version 2.5.0.28
Netgear CBK40 version 2.5.0.28
Netgear CBK43 version 2.5.0.28
Description
An information leak in the debuginfo.htm component allows attackers to obtain sensitive information without authentication. The cause is inadequate access control in the component. The leak can be exploited remotely.
Recommendations
For Netgear CBR40 version 2.5.0.28, consider disabling access to the debuginfo.htm component until a patch is available.
For Netgear CBK40 version 2.5.0.28, restrict access to the debuginfo.htm component to minimize the risk of exploitation.
For Netgear CBK43 version 2.5.0.28, avoid using the debuginfo.htm component until the issue is resolved.
As a temporary workaround, consider disabling the debuginfo.htm component for all affected devices until a patch is available.
Information Disclosure
Affected Products
Netgear Cbr40
Netgear Cbk43