PT-2021-23299 · NetGear · Netgear Rax40+2
Efstratios Chatzoglou
·
Published
2021-12-09
·
Updated
2021-12-13
·
CVE-2021-41449
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Netgear RAX35 versions prior to 1.0.4.102
Netgear RAX38 versions prior to 1.0.4.102
Netgear RAX40 versions prior to 1.0.4.102
Description
A path traversal attack in the web interfaces of the affected routers allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.
Recommendations
For Netgear RAX35 version prior to 1.0.4.102, update to version 1.0.4.102 or later.
For Netgear RAX38 version prior to 1.0.4.102, update to version 1.0.4.102 or later.
For Netgear RAX40 version prior to 1.0.4.102, update to version 1.0.4.102 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Rax35
Netgear Rax38
Netgear Rax40