{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-4980","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-05-20T06:02:42.723Z","datePublished":"2025-05-20T14:00:06.347Z","dateUpdated":"2025-05-20T14:08:50.774Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-05-20T14:00:06.347Z"},"title":"Netgear DGND3700 mini_http currentsetting.htm information disclosure","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-200","lang":"en","description":"Information Disclosure"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"Netgear","product":"DGND3700","versions":[{"version":"1.1.00.15_1.00.15NA","status":"affected"}],"modules":["mini_http"]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure."},{"lang":"de","value":"In Netgear DGND3700 1.1.00.15_1.00.15NA wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht näher bekannte Funktion der Datei /currentsetting.htm der Komponente mini_http. Dank Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}}],"timeline":[{"time":"2025-05-20T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-05-20T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-05-20T08:08:15.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"153528990 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.309640","name":"VDB-309640 | Netgear DGND3700 mini_http currentsetting.htm information disclosure","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.309640","name":"VDB-309640 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.564714","name":"Submit #564714 | Netgear DGND3700v2 V1.1.00.15_1.00.15NA Exposure of Sensitive System Information to an Unauthorized Cont","tags":["third-party-advisory"]},{"url":"https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/currentsetting.md","tags":["exploit"]},{"url":"https://www.netgear.com/","tags":["product"]}]},"adp":[{"references":[{"url":"https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/currentsetting.md","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-20T14:08:48.305109Z","id":"CVE-2025-4980","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-20T14:08:50.774Z"}}]}}