Sign-up

ID

VAR-202505-1905


CVE

CVE-2025-4977


TITLE

of netgear  DGND3700  Information disclosure vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-006842

DESCRIPTION

A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. of netgear DGND3700 The firmware contains vulnerabilities related to information leakage and access control.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2025-4977 // JVNDB: JVNDB-2025-006842

AFFECTED PRODUCTS

vendor:netgearmodel:dgnd3700scope:eqversion:1.1.00.15_1.00.15na

Trust: 1.0

vendor:ネットギアmodel:dgnd3700scope:eqversion:dgnd3700 firmware 1.1.00.15 1.00.15na

Trust: 0.8

vendor:ネットギアmodel:dgnd3700scope:eqversion: -

Trust: 0.8

vendor:ネットギアmodel:dgnd3700scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-006842 // NVD: CVE-2025-4977

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-4977
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-006842
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2025-4977
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-006842
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-4977
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-006842
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-006842 // NVD: CVE-2025-4977

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-200

Trust: 1.0

problemtype:information leak (CWE-200) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-006842 // NVD: CVE-2025-4977

EXTERNAL IDS

db:NVDid:CVE-2025-4977

Trust: 2.6

db:VULDBid:309638

Trust: 1.8

db:JVNDBid:JVNDB-2025-006842

Trust: 0.8

sources: JVNDB: JVNDB-2025-006842 // NVD: CVE-2025-4977

REFERENCES

url:https://github.com/at0de/my_vulns/blob/main/netgear/dgnd3700v2/brs_top.md

Trust: 1.8

url:https://vuldb.com/?id.309638

Trust: 1.8

url:https://vuldb.com/?submit.564711

Trust: 1.8

url:https://www.netgear.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.309638

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-4977

Trust: 0.8

sources: JVNDB: JVNDB-2025-006842 // NVD: CVE-2025-4977

SOURCES

db:JVNDBid:JVNDB-2025-006842
db:NVDid:CVE-2025-4977

LAST UPDATE DATE

2025-06-15T23:44:28.523000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-006842date:2025-06-13T07:59:00
db:NVDid:CVE-2025-4977date:2025-06-12T16:22:28.493

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-006842date:2025-06-13T00:00:00
db:NVDid:CVE-2025-4977date:2025-05-20T13:15:48.443