| Field | Value |
|---|---|
| Vulnerability Name: | CVE-2021-20170 (CCN-216411) |
| Assigned: | 2020-12-17 |
| Published: | 2021-12-30 |
| Updated: | 2022-01-11 |
| Summary: | Netgear RAX43 version 1.0.3.96 uses hardcoded credentials. Normal users do not appear to be intended to manipulate configuration backups, because the backups are encrypted. That encryption is a password-protected zip file with the hardcoded password RAX50w!a4udk. By unzipping a configuration backup with this password, a user can change settings that are not meant to be user-modifiable, re-zip the configuration, and restore the backup, causing those settings to take effect. |
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R); 6.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:U/RC:R) |
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-798 |
| Vulnerability Consequences: | Gain Access |
| References: | MITRE (CNA): CVE-2021-20170; XF: netgear-cve202120170-default-acct (216411); CCN: Netgear Web site, RAX43; CCN: Tenable Advisory ID TRA-2021-55, Netgear Nighthawk RAX43 Multiple Vulnerabilities; MISC (Third Party Advisory): https://www.tenable.com/security/research/tra-2021-55 |
| Vulnerable Configuration: | Configuration 1; Configuration CCN 1 (denotes that the component is vulnerable) |