CVE-2021-45493

Published: Dec 26, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.

Affected (3)

Products: Netgear: Rax35 Firmware, Rax38 Firmware, Rax40 Firmware

3 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rax35 Firmware	Before 1.0.4.102

Running on/with	Platform Versions
Netgear Rax35	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rax38 Firmware	Before 1.0.4.102

Running on/with	Platform Versions
Netgear Rax38	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rax40 Firmware	Before 1.0.4.102

Running on/with	Platform Versions
Netgear Rax40	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293

Source: cve@mitre.org

Vendor Advisory

https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.