PT-2025-6482 · NetGear · Netgear R7800

Ryan Delaney · Published 2025-02-13 · Updated 2025-03-18 · CVE-2022-41545

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Netgear C7800 Router version 6.01.07

Description

The administrative web interface of the Netgear C7800 Router authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. This renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN or a LAN, should the adversary be able to perform a man-in-the-middle attack.

Recommendations

For Netgear C7800 Router version 6.01.07, consider disabling the basic authentication mechanism until a patch is available. Restrict access to the administrative web interface to minimize the risk of exploitation. Avoid using the administrative web interface over unsecured networks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
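
The exposure in the description follows from base64 being an encoding rather than encryption. The added example below (not part of the original advisory) audits HTTP requests for Basic credentials sent without TLS and reports the finding without echoing the password. The sample requests, host address and credentials are constructed, and knowing the transport scheme for each request is an assumption.

```python
import base64
import binascii

# Constructed sample requests (not captured from a real device).
_CRED = base64.b64encode(b"admin:example-password").decode()
_HOST = "Host: 192.168.1.1\r\n"
SAMPLE_REQUESTS = [
    ("http", f"GET /index.htm HTTP/1.1\r\n{_HOST}Authorization: Basic {_CRED}\r\n\r\n"),
    ("https", f"GET /index.htm HTTP/1.1\r\n{_HOST}Authorization: Basic {_CRED}\r\n\r\n"),
    ("http", f"GET /logo.png HTTP/1.1\r\n{_HOST}\r\n"),
    ("http", f"GET /api HTTP/1.1\r\n{_HOST}Authorization: Bearer abc.def\r\n\r\n"),
]

def parse_headers(raw):
    """Return a dict mapping lower-cased header names to values."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_request(scheme, raw):
    """Classify one request; the password itself is never returned."""
    auth = parse_headers(raw).get("authorization", "")
    kind, _, token = auth.partition(" ")
    if kind.lower() != "basic":
        return {"finding": "no-basic-auth"}
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return {"finding": "malformed-basic-token"}
    user, sep, password = decoded.partition(":")
    if not sep:
        return {"finding": "malformed-basic-token"}
    # Without TLS, anyone on the path can decode the same header.
    exposed = scheme.lower() != "https"
    return {
        "finding": "cleartext-credentials" if exposed else "basic-over-tls",
        "user": user,
        "password_length": len(password),
    }

def audit_all(requests):
    return [audit_request(scheme, raw) for scheme, raw in requests]

if __name__ == "__main__":
    for result in audit_all(SAMPLE_REQUESTS):
        print(result)
```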

Improper Authentication

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2025-02141
CVE-2022-41545

Affected Products

Netgear R7800