CVE-2025-4980: Netgear DGND3700 mini_http currentsetting.htm information disclosure
Description
A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. In Netgear DGND3700 1.1.00.15_1.00.15NA wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht näher bekannte Funktion der Datei /currentsetting.htm der Komponente mini_http. Dank Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2025-4980
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products
Vendor: Netgear
Product: DGND3700
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.07% (probability of being exploited)
EPSS Percentile: 22.57% (scored less or equal to compared to others)
EPSS Date: 2025-06-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-4980https://vuldb.com/?id.309640
https://vuldb.com/?ctiid.309640
https://vuldb.com/?submit.564714
https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/currentsetting.md
https://www.netgear.com/