CVE-2024-6646

Name of the Vulnerable Software and Affected Versions: Netgear WN604 versions up to 20240710

Description: A vulnerability was found in the Web Interface component of Netgear WN604, specifically in the /downloadFile.php file. The issue is related to insufficient protection of internal data. The manipulation of the file argument with the input config leads to information disclosure. This can be exploited remotely. The vulnerability allows an attacker to disclose protected information.

Recommendations: For Netgear WN604 versions up to 20240710, as a temporary workaround, consider restricting access to the /downloadFile.php file until a patch is available. Avoid using the file argument with the input config in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.