CVE-2021-20171

Published: Dec 30, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.

Affected (1)

Products: Netgear: Rax43 Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rax43 Firmware	Version 1.0.3.96

Running on/with	Platform Versions
Netgear Rax43	All versions

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://www.tenable.com/security/research/tra-2021-55

Source: vulnreport@tenable.com

Third Party Advisory

https://www.tenable.com/security/research/tra-2021-55

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.