PT-2021-13823 · NetGear · Netgear Rax43

Evan Grant +1 · Published 2021-12-30 · Updated 2022-01-11 · CVE-2021-20171

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Netgear RAX43 version 1.0.3.96
Description: The issue concerns the storage of sensitive information in plaintext. Specifically, all usernames and passwords for the device's associated services are stored in plaintext on the device. For instance, the admin password is stored in plaintext in the primary configuration file.
Recommendations: For Netgear RAX43 version 1.0.3.96, consider changing the admin password and other sensitive credentials to minimize the risk of exploitation, and avoid using the device until a fix is available. As a temporary workaround, restrict access to the primary configuration file to prevent unauthorized access to the stored plaintext passwords.

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

CVE-2021-20171

Affected Products

Netgear Rax43