CVE-2021-34870

Name of the Vulnerable Software and Affected Versions: NETGEAR XR1000 version 1.0.0.52 1.0.38

Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the processing of SOAP messages, resulting from a lack of authentication required for a privileged request. An attacker can leverage this issue to disclose stored credentials, leading to further compromise.

Recommendations: For version 1.0.0.52 1.0.38, as a temporary workaround, consider restricting access to the SOAP message processing functionality until a patch is available. Additionally, restrict privileged requests to only authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.