PT-2021-5726 · NetGear · Netgear Rax40+2

Published

2021-12-20

Updated

2022-01-04

CVE-2021-45493

CVSS v3.1

7.6

High

Vector

AC:L/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:R

Name of the Vulnerable Software and Affected Versions NETGEAR RAX35 versions prior to 1.0.4.102 NETGEAR RAX38 versions prior to 1.0.4.102 NETGEAR RAX40 versions prior to 1.0.4.102

Description The issue is related to the disclosure of administrative credentials in certain NETGEAR devices. It may allow a remote attacker to gain unauthorized access to protected information.

Recommendations For RAX35 versions prior to 1.0.4.102, update to version 1.0.4.102 or later. For RAX38 versions prior to 1.0.4.102, update to version 1.0.4.102 or later. For RAX40 versions prior to 1.0.4.102, update to version 1.0.4.102 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2022-00169

CVE-2021-45493

Affected Products

Netgear Rax35

Netgear Rax38

Netgear Rax40

PT-2021-5726 · NetGear · Netgear Rax40+2

CVE-2021-45493

Weakness Enumeration

Related Identifiers

Affected Products

References · 4