Netgear DGND3700 Information Disclosure Vulnerability

Vulnerability

A vulnerability allowing unauthorized access to sensitive information has been identified in the Netgear DGND3700 router, firmware version 1.1.00.15_1.00.15NA. The issue is in the mini_http component, in the file '/currentsetting.htm'. It can be exploited remotely without authentication and exposes internal device data such as the firmware version, model, region tag, and internet connection status.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive system information, which could be leveraged for further attacks or to compromise the device.

Reproduction

The vulnerability can be reproduced by sending a request to the '/currentsetting.htm' endpoint without authentication. This can be done manually or through automated tools. The exposed information can be accessed directly once the request is made.

Remediation

It is recommended to implement proper firewall rules to block unauthorized access to the vulnerable endpoint.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.