PT-2021-24196 · NetGear · Netgear Nighthawk R6700
Jimi Sebree
·
Published
2021-12-30
·
Updated
2022-07-12
·
CVE-2021-45077
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Netgear Nighthawk R6700 version 1.0.4.120
Description:
The issue concerns the storage of sensitive information in plaintext. Specifically, all usernames and passwords for the device's associated services are stored in plaintext on the device. For instance, the admin password is stored in plaintext in the primary configuration file on the device.
Recommendations:
For Netgear Nighthawk R6700 version 1.0.4.120, consider changing the admin password and other sensitive information to minimize the risk of exploitation. As a temporary workaround, restrict access to the primary configuration file to prevent unauthorized access to the stored plaintext passwords. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Nighthawk R6700