{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4978", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-05-20T06:02:40.058Z", "datePublished": "2025-05-20T13:00:08.375Z", "dateUpdated": "2025-05-20T14:55:01.985Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-20T13:00:08.375Z"}, "title": "Netgear DGND3700 Basic Authentication BRS_top.html improper authentication", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "Improper Authentication"}]}], "affected": [{"vendor": "Netgear", "product": "DGND3700", "versions": [{"version": "1.1.00.15_1.00.15NA", "status": "affected"}], "modules": ["Basic Authentication"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure."}, {"lang": "de", "value": "Es wurde eine sehr kritische Schwachstelle in Netgear DGND3700 1.1.00.15_1.00.15NA gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /BRS_top.html der Komponente Basic Authentication. Dank der Manipulation mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseSeverity": "CRITICAL"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "CRITICAL"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "CRITICAL"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 10, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "timeline": [{"time": "2025-05-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-05-20T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-05-20T08:08:13.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "153528990 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.309639", "name": "VDB-309639 | Netgear DGND3700 Basic Authentication BRS_top.html improper authentication", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.309639", "name": "VDB-309639 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.564712", "name": "Submit #564712 | Netgear DGND3700v2 V1.1.00.15_1.00.15NA Backdoor", "tags": ["third-party-advisory"]}, {"url": "https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/backdoor.md", "tags": ["exploit"]}, {"url": "https://www.netgear.com/", "tags": ["product"]}]}, "adp": [{"references": [{"url": "https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/backdoor.md", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-20T14:53:20.546115Z", "id": "CVE-2025-4978", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-20T14:55:01.985Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4978", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-20T14:53:20.546115Z"}}}], "references": [{"url": "https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/backdoor.md", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-20T14:53:35.474Z"}}], "cna": {"title": "Netgear DGND3700 Basic Authentication BRS_top.html improper authentication", "credits": [{"lang": "en", "type": "reporter", "value": "153528990 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 10, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "affected": [{"vendor": "Netgear", "modules": ["Basic Authentication"], "product": "DGND3700", "versions": [{"status": "affected", "version": "1.1.00.15_1.00.15NA"}]}], "timeline": [{"lang": "en", "time": "2025-05-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-05-20T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-05-20T08:08:13.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.309639", "name": "VDB-309639 | Netgear DGND3700 Basic Authentication BRS_top.html improper authentication", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.309639", "name": "VDB-309639 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.564712", "name": "Submit #564712 | Netgear DGND3700v2 V1.1.00.15_1.00.15NA Backdoor", "tags": ["third-party-advisory"]}, {"url": "https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/backdoor.md", "tags": ["exploit"]}, {"url": "https://www.netgear.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure."}, {"lang": "de", "value": "Es wurde eine sehr kritische Schwachstelle in Netgear DGND3700 1.1.00.15_1.00.15NA gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /BRS_top.html der Komponente Basic Authentication. Dank der Manipulation mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "Improper Authentication"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-20T13:00:08.375Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4978", "state": "PUBLISHED", "dateUpdated": "2025-05-20T14:55:01.985Z", "dateReserved": "2025-05-20T06:02:40.058Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-05-20T13:00:08.375Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:dgnd3700_firmware:1.1.00.15_1.00.15na:*:*:*:*:*:*:*", "matchCriteriaId": "3CE829A1-EC2E-47B3-8F03-9C834ED3E5B5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:dgnd3700:v2:*:*:*:*:*:*:*", "matchCriteriaId": "7A8F0B8E-D3F2-43C9-8B12-43DE4226E826", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad clasificada como muy cr\u00edtica en Netgear DGND3700 1.1.00.15_1.00.15NA. Esta vulnerabilidad afecta a una parte desconocida del archivo /BRS_top.html del componente Autenticaci\u00f3n B\u00e1sica. La manipulaci\u00f3n provoca una autenticaci\u00f3n incorrecta. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Otros productos tambi\u00e9n podr\u00edan verse afectados. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad."}], "id": "CVE-2025-4978", "lastModified": "2025-06-12T16:22:12.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-05-20T13:15:48.680", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/backdoor.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.309639"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.309639"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.564712"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.netgear.com/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"], "url": "https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/backdoor.md"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}