CVERadar

CVE-2024-6646

High Severity

SVRS: 56/100
CVSSv3: 5.3/10
EPSS: 0.91554/1

CVE-2024-6646: Information Disclosure vulnerability in Netgear WN604. This security flaw allows for remote unauthorized access to sensitive information via the /downloadFile.php endpoint in the web interface. A successful exploit can lead to the disclosure of confidential data.

Although rated 'problematic' and having a CVSS score of 5.3, the SOCRadar Vulnerability Risk Score (SVRS) for CVE-2024-6646 is 56, indicating a moderate level of risk. The vulnerability involves CWE-200, and the fact that it has been disclosed publicly and is tagged 'In The Wild' increases the likelihood of exploitation. The lack of response from the vendor further exacerbates the risk, making mitigation a higher priority.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2024-07-10

2024-07-11

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Firmware Guide for Pen Testers
Paul Asadoorian, 2024-08-13
Contributions from Mathew Mullins, Supply Chain Security Consultant here at Eclypsium. Introduction: Penetration tests come in many different varieties with the scope varying from all-inclusive to highly specific. When the penetration testing engagement includes devices there is an opportunity to both highlight weaknesses and weaponize the firmware. Many resources and materials exist that explain how […]
eclypsium.com
rss
forum
news
CVE-2024-6646 | Netgear WN604 up to 20240710 Web Interface /downloadFile.php file information disclosure
vuldb.com, 2024-07-10
A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config
cve-2024-6646
domains
urls
cves

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

https://github.com/mikutool/vul/issues/1
https://vuldb.com/?ctiid.271052
https://vuldb.com/?id.271052
https://vuldb.com/?submit.367382

CWE Details

CWE ID | CWE Name | Description
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
