cnvd - cnvd-2025-11169

CNVD-2025-11169

Vulnerability from cnvd - Published: 2025-05-27

Title

NETGEAR WN604信息泄露漏洞

Description

NETGEAR WN604是美国网件（NETGEAR）公司的一款小型无线路由器。 NETGEAR WN604存在信息泄露漏洞。攻击者可利用该漏洞访问siteSurvey.php页面，获取无线网络的SSID、安全类型、加密方式和频道等敏感信息。

Severity

中

Formal description

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网： https://www.netgear.com/

Reference

https://vuldb.com/?id.272556

Impacted products

Name
NETGEAR WN604 <=20240719

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-7153",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-7153"
    }
  },
  "description": "NETGEAR WN604\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08NETGEAR\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5c0f\u578b\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nNETGEAR WN604\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95eesiteSurvey.php\u9875\u9762\uff0c\u83b7\u53d6\u65e0\u7ebf\u7f51\u7edc\u7684SSID\u3001\u5b89\u5168\u7c7b\u578b\u3001\u52a0\u5bc6\u65b9\u5f0f\u548c\u9891\u9053\u7b49\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.netgear.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-11169",
  "openTime": "2025-05-27",
  "products": {
    "product": "NETGEAR WN604 \u003c=20240719"
  },
  "referenceLink": "https://vuldb.com/?id.272556",
  "serverity": "\u4e2d",
  "submitTime": "2024-07-31",
  "title": "NETGEAR WN604\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2024-7153 (GCVE-0-2024-7153)

Vulnerability from cvelistv5 – Published: 2024-07-27 22:00 – Updated: 2024-08-01 21:52

Title

Netgear WN604 siteSurvey.php direct request

Summary

A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-425 - Direct Request

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.272556	vdb-entry
	https://vuldb.com/?ctiid.272556	signaturepermissions-required
	https://vuldb.com/?submit.377056	third-party-advisory
	https://wiki.shikangsi.com/post/share/e8a2a0a0-5e…	exploit

Impacted products

	Vendor	Product	Version
	Netgear	WN604	Affected: 20240719

Credits

wiki (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:netgear:wn604_firmware:20240719:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wn604_firmware",
            "vendor": "netgear",
            "versions": [
              {
                "status": "affected",
                "version": "20240719"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7153",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T18:19:09.449691Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T18:23:59.496Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:30.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272556 | Netgear WN604 siteSurvey.php direct request",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272556"
          },
          {
            "name": "VDB-272556 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272556"
          },
          {
            "name": "Submit #377056 | Netgear WN604 Missing Authentication",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.377056"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://wiki.shikangsi.com/post/share/e8a2a0a0-5e72-4bb1-8805-cf155a89f583"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WN604",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "20240719"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "wiki (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in Netgear WN604 bis 20240719 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei siteSurvey.php. Durch das Beeinflussen mit unbekannten Daten kann eine direct request-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-27T22:00:08.933Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272556 | Netgear WN604 siteSurvey.php direct request",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.272556"
        },
        {
          "name": "VDB-272556 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272556"
        },
        {
          "name": "Submit #377056 | Netgear WN604 Missing Authentication",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.377056"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://wiki.shikangsi.com/post/share/e8a2a0a0-5e72-4bb1-8805-cf155a89f583"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-27T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-27T07:55:40.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Netgear WN604 siteSurvey.php direct request"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7153",
    "datePublished": "2024-07-27T22:00:08.933Z",
    "dateReserved": "2024-07-27T05:50:25.410Z",
    "dateUpdated": "2024-08-01T21:52:30.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-11169

CVE-2024-7153 (GCVE-0-2024-7153)

Tags

Sightings

Nomenclature