CVE-2021-20170

Name of the Vulnerable Software and Affected Versions: Netgear RAX43 version 1.0.3.96

Description: The issue arises from the use of hardcoded credentials in the Netgear RAX43. Specifically, configuration backups are encrypted using a password-protected zip file with a hardcoded password RAX50w!a4udk. This allows a user to unzip the configuration, reconfigure settings not intended for manipulation, re-zip the configuration, and then restore the backup, thereby changing these settings.

Recommendations: For Netgear RAX43 version 1.0.3.96, as a temporary workaround, consider restricting access to the configuration backup feature until a patch is available. Avoid using the hardcoded password RAX50w!a4udk to unzip and manipulate configuration settings. At the moment, there is no information about a newer version that contains a fix for this vulnerability.