ID

VAR-202404-2106


CVE

CVE-2024-4235


TITLE

NETGEAR DG834G Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-22869

DESCRIPTION

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. NETGEAR DG834G is a wireless ADSL firewall modem from NETGEAR. Attackers can exploit this vulnerability to obtain management access rights to the device.

Trust: 1.44

sources: NVD: CVE-2024-4235 // CNVD: CNVD-2024-22869

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-22869

AFFECTED PRODUCTS

vendor: netgear, model: dg834g, scope: eq, version: v51.6.01.34

Trust: 0.6

sources: CNVD: CNVD-2024-22869

CVSS

SEVERITY

cna@vuldb.com: CVE-2024-4235
value: LOW

Trust: 1.0

CNVD: CNVD-2024-22869
value: MEDIUM

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2024-4235
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2024-22869
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2024-4235
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-22869 // NVD: CVE-2024-4235

PROBLEMTYPE DATA

problemtype: CWE-312

Trust: 1.0

sources: NVD: CVE-2024-4235

EXTERNAL IDS

db: NVD, id: CVE-2024-4235

Trust: 1.6

db: VULDB, id: 262126

Trust: 1.0

db: CNVD, id: CNVD-2024-22869

Trust: 0.6

sources: CNVD: CNVD-2024-22869 // NVD: CVE-2024-4235

REFERENCES

url: https://netsecfish.notion.site/netgear-dg834gv5-plain-text-credentials-exposure-22e94fe066014490bebd349775d10b27?pvs=4

Trust: 1.0

url: https://vuldb.com/?ctiid.262126

Trust: 1.0

url: https://vuldb.com/?id.262126

Trust: 1.0

url: https://vuldb.com/?submit.319148

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2024-4235

Trust: 0.6

sources: CNVD: CNVD-2024-22869 // NVD: CVE-2024-4235

SOURCES

db: CNVD, id: CNVD-2024-22869
db: NVD, id: CVE-2024-4235

LAST UPDATE DATE

2024-08-14T15:05:08.558000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-22869, date: 2024-05-16T00:00:00
db: NVD, id: CVE-2024-4235, date: 2024-06-04T19:20:32.857

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-22869, date: 2024-05-14T00:00:00
db: NVD, id: CVE-2024-4235, date: 2024-04-26T18:15:46.527