id: CVE-2024-30570

info:
  name: Netgear R6850 - Information Disclosure
  author: ritikchaddha
  severity: medium
  description: |
    Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the debuginfo.htm page. This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive informationsuch as product model name, WAN connection type, and potentially other system details.
  impact: |
    Attackers can obtain sensitive information from the router, potentially aiding further attacks.
  remediation: |
    Update Netgear R6850 firmware to a version that patches the information disclosure vulnerability.
  reference:
    - https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Info%20Leak%20in%20Netgear-R6850%EF%BC%88debuginfo.htm%EF%BC%89.md
    - https://nvd.nist.gov/vuln/detail/CVE-2024-30570
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-30570
    cwe-id: CWE-200
    epss-score: 0.13242
    epss-percentile: 0.94278
  metadata:
    verified: true
    max-request: 1
    product: Netgear R6850 Router
    vendor: Netgear
    version: V1.1.0.88
    fofa-query: app="NETGEAR" && "R6850"
  tags: cve,cve2024,netgear,router,exposure,unauth,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/debuginfo.htm"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<br>WAN connection type"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100fe09f86cc8e4aa7662052df742ac4fc3c103d86eae4a3505de9a7e9dc9d73c16022100a566d619703b3c1fc051a0a8e755cdf7716c40d07d6a1bec3cf2ae174bde6b7a:922c64590222798bb761d5b6d8e72950