Sign-up

ID

VAR-202402-0401


CVE

CVE-2024-1430


TITLE

of netgear  R7000  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-002818

DESCRIPTION

A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The identifier VDB-253381 was assigned to this vulnerability

Trust: 1.71

sources: NVD: CVE-2024-1430 // JVNDB: JVNDB-2024-002818 // VULMON: CVE-2024-1430

AFFECTED PRODUCTS

vendor:netgearmodel:r7000scope:eqversion:1.0.11.136_10.2.120

Trust: 1.0

vendor:ネットギアmodel:r7000scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:r7000scope:eqversion:r7000 firmware 1.0.11.136 10.2.120

Trust: 0.8

vendor:ネットギアmodel:r7000scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-002818 // NVD: CVE-2024-1430

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-1430
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-1430
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-1430
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2024-1430
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

cna@vuldb.com: CVE-2024-1430
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-1430
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-1430
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002818 // NVD: CVE-2024-1430 // NVD: CVE-2024-1430

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002818 // NVD: CVE-2024-1430

EXTERNAL IDS

db:NVDid:CVE-2024-1430

Trust: 2.7

db:VULDBid:253381

Trust: 1.9

db:JVNDBid:JVNDB-2024-002818

Trust: 0.8

db:VULMONid:CVE-2024-1430

Trust: 0.1

sources: VULMON: CVE-2024-1430 // JVNDB: JVNDB-2024-002818 // NVD: CVE-2024-1430

REFERENCES

url:https://vuldb.com/?id.253381

Trust: 1.9

url:https://github.com/leetsun/hints/tree/main/r7000/1

Trust: 1.9

url:https://vuldb.com/?ctiid.253381

Trust: 1.1

url:https://vuldb.com/?submit.276025

Trust: 1.0

url:https://www.netgear.com/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-1430

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2024-1430 // JVNDB: JVNDB-2024-002818 // NVD: CVE-2024-1430

SOURCES

db:VULMONid:CVE-2024-1430
db:JVNDBid:JVNDB-2024-002818
db:NVDid:CVE-2024-1430

LAST UPDATE DATE

2024-08-25T23:35:45.598000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2024-1430date:2024-02-11T00:00:00
db:JVNDBid:JVNDB-2024-002818date:2024-02-20T01:33:00
db:NVDid:CVE-2024-1430date:2024-08-25T06:15:03.247

SOURCES RELEASE DATE

db:VULMONid:CVE-2024-1430date:2024-02-11T00:00:00
db:JVNDBid:JVNDB-2024-002818date:2024-02-20T00:00:00
db:NVDid:CVE-2024-1430date:2024-02-11T01:15:07.750