3 vulnerabilities found for cbk43 by netgear
VAR-202403-2678
Vulnerability from variot - Updated: 2025-06-26 23:35
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows unauthenticated attackers to obtain sensitive information. NETGEAR CBR40/CBK40/CBM43 are all routers from NETGEAR, hardware devices that connect two or more networks and act as gateways between them.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-2678",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cbr40",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "2.5.0.28"
},
{
"model": "cbk40",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "2.5.0.28"
},
{
"model": "cbk43",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": "2.5.0.28"
},
{
"model": "cbr40",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "cbk43",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "cbk40",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "cbm43",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "2.5.0.28"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13435"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024226"
},
{
"db": "NVD",
"id": "CVE-2024-28339"
}
]
},
"cve": "CVE-2024-28339",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-13435",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2024-28339",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-024226",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-28339",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-024226",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-13435",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13435"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024226"
},
{
"db": "NVD",
"id": "CVE-2024-28339"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. NETGEAR CBR40/CBK40/CBM43 are all routers from NETGEAR, hardware devices that connect two or more networks and act as gateways between them.",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-28339"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024226"
},
{
"db": "CNVD",
"id": "CNVD-2025-13435"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-28339",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024226",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-13435",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13435"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024226"
},
{
"db": "NVD",
"id": "CVE-2024-28339"
}
]
},
"id": "VAR-202403-2678",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13435"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13435"
}
]
},
"last_update_date": "2025-06-26T23:35:45.960000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024226"
},
{
"db": "NVD",
"id": "CVE-2024-28339"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.netgear.com/about/security/"
},
{
"trust": 1.8,
"url": "https://github.com/funny-mud-peee/iot-vuls/blob/main/netgear%20cbr40%5ccbk40%5ccbk43/info%20leak%20in%20netgear-cbr40%e3%80%81cbk40%e3%80%81cbk43%20router%ef%bc%88debuginfo.htm%ef%bc%89.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-28339"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13435"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024226"
},
{
"db": "NVD",
"id": "CVE-2024-28339"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-13435"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024226"
},
{
"db": "NVD",
"id": "CVE-2024-28339"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13435"
},
{
"date": "2025-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-024226"
},
{
"date": "2024-03-12T17:15:59.093000",
"db": "NVD",
"id": "CVE-2024-28339"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13435"
},
{
"date": "2025-05-28T00:59:00",
"db": "JVNDB",
"id": "JVNDB-2024-024226"
},
{
"date": "2025-05-27T14:23:49.793000",
"db": "NVD",
"id": "CVE-2024-28339"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information disclosure vulnerability in multiple NETGEAR products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024226"
}
],
"trust": 0.8
}
}
VAR-202403-2112
Vulnerability from variot - Updated: 2025-06-26 23:27
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows unauthenticated attackers to obtain sensitive information. NETGEAR CBR40/CBK40/CBM43 are all routers from NETGEAR, hardware devices that connect two or more networks and act as gateways between them. The vulnerability stems from the currentsetting.htm component's insufficient protection of sensitive information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-2112",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cbr40",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "2.5.0.28"
},
{
"model": "cbk40",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "2.5.0.28"
},
{
"model": "cbk43",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": "2.5.0.28"
},
{
"model": "cbr40",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "cbk43",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "cbk40",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "cbm43",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "2.5.0.28"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13434"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024254"
},
{
"db": "NVD",
"id": "CVE-2024-28340"
}
]
},
"cve": "CVE-2024-28340",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-13434",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-28340",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-024254",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-28340",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-024254",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-13434",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13434"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024254"
},
{
"db": "NVD",
"id": "CVE-2024-28340"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. NETGEAR CBR40/CBK40/CBM43 are all routers from NETGEAR, hardware devices that connect two or more networks and act as gateways between them. The vulnerability stems from the currentsetting.htm component\u0027s insufficient protection of sensitive information.",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-28340"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024254"
},
{
"db": "CNVD",
"id": "CNVD-2025-13434"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-28340",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024254",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-13434",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13434"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024254"
},
{
"db": "NVD",
"id": "CVE-2024-28340"
}
]
},
"id": "VAR-202403-2112",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13434"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13434"
}
]
},
"last_update_date": "2025-06-26T23:27:23.351000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024254"
},
{
"db": "NVD",
"id": "CVE-2024-28340"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.netgear.com/about/security/"
},
{
"trust": 1.8,
"url": "https://github.com/funny-mud-peee/iot-vuls/blob/main/netgear%20cbr40%5ccbk40%5ccbk43/info%20leak%20in%20netgear-cbr40%e3%80%81cbk40%e3%80%81cbk43%20router%ef%bc%88currentsetting.htm%ef%bc%89.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-28340"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-13434"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024254"
},
{
"db": "NVD",
"id": "CVE-2024-28340"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-13434"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-024254"
},
{
"db": "NVD",
"id": "CVE-2024-28340"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13434"
},
{
"date": "2025-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-024254"
},
{
"date": "2024-03-12T17:15:59.140000",
"db": "NVD",
"id": "CVE-2024-28340"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-13434"
},
{
"date": "2025-05-28T05:35:00",
"db": "JVNDB",
"id": "JVNDB-2024-024254"
},
{
"date": "2025-05-27T14:23:12.727000",
"db": "NVD",
"id": "CVE-2024-28340"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information disclosure vulnerability in multiple NETGEAR products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-024254"
}
],
"trust": 0.8
}
}
VAR-202102-0332
Vulnerability from variot - Updated: 2024-11-23 22:29
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076. NETGEAR Orbi contains an OS command injection vulnerability. Zero Day Initiative assigned this vulnerability the number ZDI-CAN-11076. Information may be obtained or tampered with, and service may be disrupted (DoS).
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ex8000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.224"
},
{
"_id": null,
"model": "rbk20 router",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "ex6200",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.1.82"
},
{
"_id": null,
"model": "rbk43 satellite",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"_id": null,
"model": "rbk15",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"_id": null,
"model": "rbr50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"_id": null,
"model": "rbk20 satellite",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"_id": null,
"model": "rbk50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"_id": null,
"model": "rbk12",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"_id": null,
"model": "rbs10",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"_id": null,
"model": "cbk43",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"_id": null,
"model": "rbr40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "rbk13",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"_id": null,
"model": "rbk52w",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"_id": null,
"model": "rbk30",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "cbr40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"_id": null,
"model": "rbk44 router",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "rbk43s satellite",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"_id": null,
"model": "ex7700",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.0.210"
},
{
"_id": null,
"model": "rbk43 router",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "rbs40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"_id": null,
"model": "rbk14",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"_id": null,
"model": "rbk20w",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "cbk40",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"_id": null,
"model": "rbk22 router",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "rbr20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "rbk23 satellite",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"_id": null,
"model": "rbk33",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "rbk23w",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "rbk40 satellite",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"_id": null,
"model": "rbr10",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.44"
},
{
"_id": null,
"model": "rbk22 satellite",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"_id": null,
"model": "rbk43s router",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "rbk50v",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"_id": null,
"model": "rbk40 router",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "rbk23 router",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.36"
},
{
"_id": null,
"model": "rbs20",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"_id": null,
"model": "rbs50",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.40"
},
{
"_id": null,
"model": "rbk44 satellite",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.1.38"
},
{
"_id": null,
"model": "cbk43",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "rbk12",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "cbr40",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "ex7700",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "ex6200",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "ex8000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "cbk40",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "rbk15",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "rbk13",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "rbk14",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"_id": null,
"model": "orbi",
"scope": null,
"trust": 0.7,
"vendor": "netgear",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1430"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015997"
},
{
"db": "NVD",
"id": "CVE-2020-27861"
}
]
},
"credits": {
"_id": null,
"data": "Shaunak Mirani",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1430"
}
],
"trust": 0.7
},
"cve": "CVE-2020-27861",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-27861",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27861",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27861",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-27861",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27861",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2020-27861",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-27861",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-27861",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1082",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-27861",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1430"
},
{
"db": "VULMON",
"id": "CVE-2020-27861"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015997"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1082"
},
{
"db": "NVD",
"id": "CVE-2020-27861"
},
{
"db": "NVD",
"id": "CVE-2020-27861"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076. NETGEAR Orbi contains an OS command injection vulnerability. Zero Day Initiative assigned this vulnerability the number ZDI-CAN-11076. Information may be obtained or tampered with, and service may be disrupted (DoS).",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27861"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015997"
},
{
"db": "ZDI",
"id": "ZDI-20-1430"
},
{
"db": "VULMON",
"id": "CVE-2020-27861"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-27861",
"trust": 3.2
},
{
"db": "ZDI",
"id": "ZDI-20-1430",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015997",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11076",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1082",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-27861",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1430"
},
{
"db": "VULMON",
"id": "CVE-2020-27861"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015997"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1082"
},
{
"db": "NVD",
"id": "CVE-2020-27861"
}
]
},
"id": "VAR-202102-0332",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.259371377
},
"last_update_date": "2024-11-23T22:29:19.265000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Unauthenticated\u00a0Command\u00a0Injection\u00a0Vulnerability\u00a0on\u00a0Some\u00a0Extenders\u00a0and\u00a0Orbi\u00a0WiFi\u00a0Systems,\u00a0PSV-2020-0301",
"trust": 0.8,
"url": "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0301"
},
{
"title": "NETGEAR has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://kb.netgear.com/000062507/Security-Advisory-for-Unauthenticated-Command-Injection-Vulnerability-on-Some-Extenders-and-Orbi-WiFi-Systems"
},
{
"title": "Netgear NETGEAR Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142366"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/f1tao/awesome-iot-security-resource "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1430"
},
{
"db": "VULMON",
"id": "CVE-2020-27861"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015997"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1082"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015997"
},
{
"db": "NVD",
"id": "CVE-2020-27861"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-1430/"
},
{
"trust": 2.4,
"url": "https://kb.netgear.com/000062507/security-advisory-for-unauthenticated-command-injection-vulnerability-on-some-extenders-and-orbi-wifi-systems"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27861"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/f1tao/awesome-iot-security-resource"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-1430"
},
{
"db": "VULMON",
"id": "CVE-2020-27861"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015997"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1082"
},
{
"db": "NVD",
"id": "CVE-2020-27861"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-1430",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-27861",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015997",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1082",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-27861",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1430",
"ident": null
},
{
"date": "2021-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27861",
"ident": null
},
{
"date": "2021-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015997",
"ident": null
},
{
"date": "2021-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1082",
"ident": null
},
{
"date": "2021-02-12T00:15:12.500000",
"db": "NVD",
"id": "CVE-2020-27861",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-20-1430",
"ident": null
},
{
"date": "2021-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27861",
"ident": null
},
{
"date": "2021-10-29T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2020-015997",
"ident": null
},
{
"date": "2021-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1082",
"ident": null
},
{
"date": "2024-11-21T05:21:57.107000",
"db": "NVD",
"id": "CVE-2020-27861",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1082"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "OS command injection vulnerability in NETGEAR Orbi",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015997"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1082"
}
],
"trust": 0.6
}
}