PT-2021-13827 · NetGear · Netgear Nighthawk R6700

Jimi Sebree

Published

2021-12-30

Updated

2022-01-11

CVE-2021-20175

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Netgear Nighthawk R6700 version 1.0.4.120

Description: The issue concerns the lack of secure communication methods to the SOAP interface. By default, all communication to and from the device's SOAP Interface on port 5000 is sent via HTTP, causing potentially sensitive information, such as username and password, to be transmitted in cleartext.

Recommendations: For Netgear Nighthawk R6700 version 1.0.4.120, consider disabling access to the SOAP interface on port 5000 until a secure communication method is implemented. Restrict access to the SOAP interface to minimize the risk of exploitation. Avoid using the SOAP interface for sensitive operations until the issue is resolved.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2021-20175

Affected Products

Netgear Nighthawk R6700

PT-2021-13827 · NetGear · Netgear Nighthawk R6700

CVE-2021-20175

Weakness Enumeration

Related Identifiers

Affected Products

References · 3