CVE-2025-4978 | THREATINT

Description

A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure.

Es wurde eine sehr kritische Schwachstelle in Netgear DGND3700 1.1.00.15_1.00.15NA gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /BRS_top.html der Komponente Basic Authentication. Dank der Manipulation mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

PUBLISHED Reserved 2025-05-20 | Published 2025-05-20 | Updated 2025-05-20 | Assigner VulDB

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10.0AV:N/AC:L/Au:N/C:C/I:C/A:C

Problem types

Improper Authentication

Product status

1.1.00.15_1.00.15NA

affected

Timeline

2025-05-20:	Advisory disclosed
2025-05-20:	VulDB entry created
2025-05-20:	VulDB entry last update

Credits

153528990 (VulDB User) reporter

References

github.com/...vulns/blob/main/Netgear/DGND3700v2/backdoor.md exploit

vuldb.com/?id.309639 (VDB-309639 | Netgear DGND3700 Basic Authentication BRS_top.html improper authentication) vdb-entry

vuldb.com/?ctiid.309639 (VDB-309639 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.564712 (Submit #564712 | Netgear DGND3700v2 V1.1.00.15_1.00.15NA Backdoor) third-party-advisory

github.com/...vulns/blob/main/Netgear/DGND3700v2/backdoor.md exploit

www.netgear.com/ product

cve.org (CVE-2025-4978)

nvd.nist.gov (CVE-2025-4978)

Download JSON