Sign-up

ID

VAR-202403-2678


CVE

CVE-2024-28339


TITLE

Information disclosure vulnerability in multiple NETGEAR products

Trust: 0.8

sources: JVNDB: JVNDB-2024-024226

DESCRIPTION

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. NETGEAR CBR40/CBK40/CBM43 are all routers from NETGEAR. Hardware devices that connect two or more networks and act as gateways between networks

Trust: 2.16

sources: NVD: CVE-2024-28339 // JVNDB: JVNDB-2024-024226 // CNVD: CNVD-2025-13435

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-13435

AFFECTED PRODUCTS

vendor:netgearmodel:cbr40scope:eqversion:2.5.0.28

Trust: 1.6

vendor:netgearmodel:cbk40scope:eqversion:2.5.0.28

Trust: 1.6

vendor:netgearmodel:cbk43scope:eqversion:2.5.0.28

Trust: 1.0

vendor:ネットギアmodel:cbr40scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:cbk43scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:cbk40scope: - version: -

Trust: 0.8

vendor:netgearmodel:cbm43scope:eqversion:2.5.0.28

Trust: 0.6

sources: CNVD: CNVD-2025-13435 // JVNDB: JVNDB-2024-024226 // NVD: CVE-2024-28339

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-28339
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-024226
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-13435
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-13435
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-28339
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-024226
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-13435 // JVNDB: JVNDB-2024-024226 // NVD: CVE-2024-28339

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:information leak (CWE-200) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-024226 // NVD: CVE-2024-28339

EXTERNAL IDS

db:NVDid:CVE-2024-28339

Trust: 3.2

db:JVNDBid:JVNDB-2024-024226

Trust: 0.8

db:CNVDid:CNVD-2025-13435

Trust: 0.6

sources: CNVD: CNVD-2025-13435 // JVNDB: JVNDB-2024-024226 // NVD: CVE-2024-28339

REFERENCES

url:https://www.netgear.com/about/security/

Trust: 2.4

url:https://github.com/funny-mud-peee/iot-vuls/blob/main/netgear%20cbr40%5ccbk40%5ccbk43/info%20leak%20in%20netgear-cbr40%e3%80%81cbk40%e3%80%81cbk43%20router%ef%bc%88debuginfo.htm%ef%bc%89.md

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-28339

Trust: 0.8

sources: CNVD: CNVD-2025-13435 // JVNDB: JVNDB-2024-024226 // NVD: CVE-2024-28339

SOURCES

db:CNVDid:CNVD-2025-13435
db:JVNDBid:JVNDB-2024-024226
db:NVDid:CVE-2024-28339

LAST UPDATE DATE

2025-06-26T23:35:45.960000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-13435date:2025-06-25T00:00:00
db:JVNDBid:JVNDB-2024-024226date:2025-05-28T00:59:00
db:NVDid:CVE-2024-28339date:2025-05-27T14:23:49.793

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-13435date:2025-06-25T00:00:00
db:JVNDBid:JVNDB-2024-024226date:2025-05-28T00:00:00
db:NVDid:CVE-2024-28339date:2024-03-12T17:15:59.093