PT-2021-13826 · NetGear · Netgear Nighthawk R6700

Published

2021-12-30

Updated

2022-01-11

CVE-2021-20174

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Netgear Nighthawk R6700 version 1.0.4.120

Description: The issue concerns the lack of secure communication methods to the web interface. By default, all communication to and from the device's web interface is sent via HTTP, causing potentially sensitive information, such as username and password, to be transmitted in cleartext.

Recommendations: For Netgear Nighthawk R6700 version 1.0.4.120, consider configuring the device to use HTTPS for secure communication to the web interface as a temporary workaround. Restrict access to the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2021-20174

Affected Products

Netgear Nighthawk R6700

PT-2021-13826 · NetGear · Netgear Nighthawk R6700

CVE-2021-20174

Weakness Enumeration

Related Identifiers

Affected Products

References · 3