PT-2021-24295 · NetGear · Netgear Nighthawk R6700

Published: 2021-12-30 · Updated: 2022-01-11 · CVE-2021-45732

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Netgear Nighthawk R6700 version 1.0.4.120
Description: The issue concerns a hardcoded credential in the Netgear Nighthawk R6700. Although configuration backups are encrypted or obfuscated, suggesting they are not intended for user manipulation, an individual can extract the configuration using publicly available tools. This allows for reconfiguring settings that are not meant to be changed, repackaging the configuration, and then restoring the backup to apply these changes.
Recommendations: For Netgear Nighthawk R6700 version 1.0.4.120, consider disabling the ability to restore configuration backups until a patch is available to prevent unauthorized changes to settings. Additionally, restrict access to configuration manipulation tools to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers: CVE-2021-45732

Affected Products: Netgear Nighthawk R6700