Details of VAR-202403-2112

ID

VAR-202403-2112

CVE

CVE-2024-28340

TITLE

Information disclosure vulnerability in multiple NETGEAR products

Trust: 0.8

sources: JVNDB: JVNDB-2024-024254

DESCRIPTION

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. NETGEAR CBR40/CBK40/CBM43 are all routers from NETGEAR. Hardware devices that connect two or more networks and act as gateways between networks. The vulnerability stems from the currentsetting.htm component's insufficient protection of sensitive information

Trust: 2.16

sources: NVD: CVE-2024-28340 // JVNDB: JVNDB-2024-024254 // CNVD: CNVD-2025-13434

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-13434

AFFECTED PRODUCTS

vendor:	netgear	model:	cbr40	scope:	eq	version:	2.5.0.28	Trust: 1.6
vendor:	netgear	model:	cbk40	scope:	eq	version:	2.5.0.28	Trust: 1.6
vendor:	netgear	model:	cbk43	scope:	eq	version:	2.5.0.28	Trust: 1.0
vendor:	ネットギア	model:	cbr40	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	cbk43	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	cbk40	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	cbm43	scope:	eq	version:	2.5.0.28	Trust: 0.6

sources: CNVD: CNVD-2025-13434 // JVNDB: JVNDB-2024-024254 // NVD: CVE-2024-28340

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-28340
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-024254
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-13434
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-13434
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-28340
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-024254
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-13434 // JVNDB: JVNDB-2024-024254 // NVD: CVE-2024-28340

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-024254 // NVD: CVE-2024-28340

EXTERNAL IDS

db:	NVD	id:	CVE-2024-28340	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-024254	Trust: 0.8
db:	CNVD	id:	CNVD-2025-13434	Trust: 0.6

sources: CNVD: CNVD-2025-13434 // JVNDB: JVNDB-2024-024254 // NVD: CVE-2024-28340

REFERENCES

url:	https://www.netgear.com/about/security/	Trust: 2.4
url:	https://github.com/funny-mud-peee/iot-vuls/blob/main/netgear%20cbr40%5ccbk40%5ccbk43/info%20leak%20in%20netgear-cbr40%e3%80%81cbk40%e3%80%81cbk43%20router%ef%bc%88currentsetting.htm%ef%bc%89.md	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-28340	Trust: 0.8

sources: CNVD: CNVD-2025-13434 // JVNDB: JVNDB-2024-024254 // NVD: CVE-2024-28340

SOURCES

db:	CNVD	id:	CNVD-2025-13434
db:	JVNDB	id:	JVNDB-2024-024254
db:	NVD	id:	CVE-2024-28340

LAST UPDATE DATE

2025-06-26T23:27:23.351000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-13434	date:	2025-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-024254	date:	2025-05-28T05:35:00
db:	NVD	id:	CVE-2024-28340	date:	2025-05-27T14:23:12.727

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-13434	date:	2025-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2024-024254	date:	2025-05-28T00:00:00
db:	NVD	id:	CVE-2024-28340	date:	2024-03-12T17:15:59.140