Exposure of Sensitive Information to an Unauthorized Actor
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 220.127.116.11, D6400 before 18.104.22.168, D8500 before 22.214.171.124, R6250 before 126.96.36.199, R6300v2 before 188.8.131.52, R6400 before 1.01.32, R6400v2 before 184.108.40.206, R6700 before 220.127.116.11, R6900 before 18.104.22.168, R7000 before 22.214.171.124, R7000P before 126.96.36.199, R6900P before 188.8.131.52, R7100LG before 184.108.40.206, R7300DST before 220.127.116.11, R7900 before 18.104.22.168, R8000 before 22.214.171.124, R8500 before 126.96.36.199, R8300 before 188.8.131.52, and WNDR3400v3 before 184.108.40.206.
CWE-200 - Information Exposure
An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.