Login Sign Up

CVE-2025-4978

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

This vulnerability allows remote attackers to bypass authentication on Netgear DGND3700 routers via manipulation of the /BRS_top.html file. Attackers can gain unauthorized access to the router's administrative interface without credentials. This affects Netgear DGND3700 routers running vulnerable firmware versions.

💻 Affected Systems

Products:
  • Netgear DGND3700
Versions: 1.1.00.15_1.00.15NA
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects the Basic Authentication component. Other Netgear products might be affected but not confirmed.

📦 What is this software?

Dgnd3700 Firmware by Netgear

View all CVEs affecting Dgnd3700 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router allowing attackers to change network settings, intercept traffic, install malware, or use the device as part of a botnet.

🟠

Likely Case

Unauthorized access to router administration leading to DNS hijacking, network monitoring, or credential theft from connected devices.

🟢

If Mitigated

Limited impact if router is behind additional firewalls, has restricted administrative access, or uses non-default credentials.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. The vulnerability requires no authentication and is remotely exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.netgear.com/

Restart Required: Yes

Instructions:

1. Check Netgear support site for firmware updates. 2. Download latest firmware. 3. Access router admin interface. 4. Navigate to firmware update section. 5. Upload and install new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router administration interface

Change Default Credentials

all

Use strong, unique passwords for router administration

🧯 If You Can't Patch

  • Isolate vulnerable routers in separate network segments
  • Implement network monitoring for unauthorized access attempts to router administration

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 1.1.00.15_1.00.15NA, the device is vulnerable.

Check Version:

Access router web interface at http://routerlogin.net or router IP, navigate to Advanced > Administration > Router Update

Verify Fix Applied:

Verify firmware version has been updated to a version later than 1.1.00.15_1.00.15NA.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful access
  • Unauthorized access to /BRS_top.html

Network Indicators:

  • External IP addresses accessing router administration port
  • Unusual traffic patterns from router

SIEM Query:

source="router" AND (url="/BRS_top.html" OR event="authentication bypass")

📊 Metadata

CVE ID: CVE-2025-4978
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
EPSS Score: 0.58% exploit probability (68.3th percentile)
Published: May 20, 2025
Last Updated: June 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-4978, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)