Details of VAR-202505-1885

ID

VAR-202505-1885

CVE

CVE-2025-4980

TITLE

of netgear DGND3700 Information disclosure vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-006841

DESCRIPTION

A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. of netgear DGND3700 The firmware contains vulnerabilities related to information leakage and access control.Information may be obtained. Netgear DGND3700 is a wireless router that integrates multiple functions and is suitable for home and small office environments. Attackers can exploit this vulnerability to remotely manipulate the file over the network, resulting in sensitive information leakage

Trust: 2.16

sources: NVD: CVE-2025-4980 // JVNDB: JVNDB-2025-006841 // CNVD: CNVD-2025-10682

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10682

AFFECTED PRODUCTS

vendor:	netgear	model:	dgnd3700	scope:	eq	version:	1.1.00.15_1.00.15na	Trust: 1.0
vendor:	ネットギア	model:	dgnd3700	scope:	eq	version:	dgnd3700 firmware 1.1.00.15 1.00.15na	Trust: 0.8
vendor:	ネットギア	model:	dgnd3700	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	dgnd3700	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	dgnd3700 1.1.00.15 1.00.15	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-10682 // JVNDB: JVNDB-2025-006841 // NVD: CVE-2025-4980

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-4980
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-006841
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-10682
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-4980
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-006841
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-10682
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-4980
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-006841
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-10682 // JVNDB: JVNDB-2025-006841 // NVD: CVE-2025-4980

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [ others ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-006841 // NVD: CVE-2025-4980

EXTERNAL IDS

db:	NVD	id:	CVE-2025-4980	Trust: 3.2
db:	VULDB	id:	309640	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-006841	Trust: 0.8
db:	CNVD	id:	CNVD-2025-10682	Trust: 0.6

sources: CNVD: CNVD-2025-10682 // JVNDB: JVNDB-2025-006841 // NVD: CVE-2025-4980

REFERENCES

url:	https://github.com/at0de/my_vulns/blob/main/netgear/dgnd3700v2/currentsetting.md	Trust: 1.8
url:	https://vuldb.com/?id.309640	Trust: 1.8
url:	https://vuldb.com/?submit.564714	Trust: 1.8
url:	https://www.netgear.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-4980	Trust: 1.4
url:	https://vuldb.com/?ctiid.309640	Trust: 1.0

sources: CNVD: CNVD-2025-10682 // JVNDB: JVNDB-2025-006841 // NVD: CVE-2025-4980

SOURCES

db:	CNVD	id:	CNVD-2025-10682
db:	JVNDB	id:	JVNDB-2025-006841
db:	NVD	id:	CVE-2025-4980

LAST UPDATE DATE

2025-06-15T23:43:15.606000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-10682	date:	2025-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2025-006841	date:	2025-06-13T07:59:00
db:	NVD	id:	CVE-2025-4980	date:	2025-06-12T16:21:08.950

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-10682	date:	2025-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2025-006841	date:	2025-06-13T00:00:00
db:	NVD	id:	CVE-2025-4980	date:	2025-05-20T14:15:52.180