CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4235 – Netgear DG834Gv5 Web Management Interface cleartext storage
https://notcve.org/view.php?id=CVE-2024-4235
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://netsecfish.notion.site/Netgear-DG834Gv5-Plain-Text-Credentials-Exposure-22e94fe066014490bebd349775d10b27?pvs=4 https://vuldb.com/?ctiid.262126 https://vuldb.com/?id.262126 https://vuldb.com/?submit.319148 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-38591
https://notcve.org/view.php?id=CVE-2023-38591
Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. • https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md https://www.netgear.com/about/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •