cnvd - cnvd-2025-10682

cnvd-2025-10682

Vulnerability from cnvd

Title: Netgear DGND3700信息泄露漏洞

Description:

Netgear DGND3700是一款集成了多种功能的无线路由器，适用于家庭和小型办公室环境。

Netgear DGND3700存在信息泄露漏洞。该漏洞源于mini_http组件文件/currentsetting.htm的未知代码。攻击者可利用该漏洞通过网络远程操纵该文件，导致敏感信息泄露。

Severity: 中

Formal description:

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网： https://www.netgear.com/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-4980

Impacted products

Name
NETGEAR Netgear DGND3700 1.1.00.15_1.00.15

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-4980",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-4980"
    }
  },
  "description": "Netgear DGND3700\u662f\u4e00\u6b3e\u96c6\u6210\u4e86\u591a\u79cd\u529f\u80fd\u7684\u65e0\u7ebf\u8def\u7531\u5668\uff0c\u9002\u7528\u4e8e\u5bb6\u5ead\u548c\u5c0f\u578b\u529e\u516c\u5ba4\u73af\u5883\u3002\n\nNetgear DGND3700\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8emini_http\u7ec4\u4ef6\u6587\u4ef6/currentsetting.htm\u7684\u672a\u77e5\u4ee3\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7f51\u7edc\u8fdc\u7a0b\u64cd\u7eb5\u8be5\u6587\u4ef6\uff0c\u5bfc\u81f4\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.netgear.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-10682",
  "openTime": "2025-05-27",
  "products": {
    "product": "NETGEAR Netgear DGND3700 1.1.00.15_1.00.15"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-4980",
  "serverity": "\u4e2d",
  "submitTime": "2025-05-23",
  "title": "Netgear DGND3700\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2025-4980 (GCVE-0-2025-4980)

Vulnerability from cvelistv5

Published

2025-05-20 14:00

Modified

2025-05-20 14:08

Severity ?

6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Information Disclosure
CWE-284 - Improper Access Controls

Summary

A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure.

References

▼	URL	Tags
	https://vuldb.com/?id.309640	vdb-entry
	https://vuldb.com/?ctiid.309640	signature, permissions-required
	https://vuldb.com/?submit.564714	third-party-advisory
	https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/currentsetting.md	exploit
	https://www.netgear.com/	product

Impacted products

	Vendor	Product	Version
	Netgear	DGND3700	Version: 1.1.00.15_1.00.15NA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4980",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T14:08:48.305109Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T14:08:50.774Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/currentsetting.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "mini_http"
          ],
          "product": "DGND3700",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.00.15_1.00.15NA"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "153528990 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure."
        },
        {
          "lang": "de",
          "value": "In Netgear DGND3700 1.1.00.15_1.00.15NA wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /currentsetting.htm der Komponente mini_http. Dank Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information Disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-20T14:00:06.347Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-309640 | Netgear DGND3700 mini_http currentsetting.htm information disclosure",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.309640"
        },
        {
          "name": "VDB-309640 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.309640"
        },
        {
          "name": "Submit #564714 | Netgear DGND3700v2 V1.1.00.15_1.00.15NA Exposure of Sensitive System Information to an Unauthorized Cont",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.564714"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/currentsetting.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.netgear.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-20T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-20T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-05-20T08:08:15.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Netgear DGND3700 mini_http currentsetting.htm information disclosure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4980",
    "datePublished": "2025-05-20T14:00:06.347Z",
    "dateReserved": "2025-05-20T06:02:42.723Z",
    "dateUpdated": "2025-05-20T14:08:50.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted