CVE-2021-20168
https://notcve.org/view.php?id=CVE-2021-20168
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin. Netgear RAX43 versión 1.0.3.96, no presenta suficientes protecciones para la interfaz UART. Un actor malicioso con acceso físico al dispositivo es capaz de conectarse al puerto UART por medio de una conexión serie, iniciar sesión con credenciales por defecto y ejecutar comandos como usuario root. • https://www.tenable.com/security/research/tra-2021-55 • CWE-287: Improper Authentication •
CVE-2021-20166
https://notcve.org/view.php?id=CVE-2021-20166
Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton. Netgear RAX43 versión 1.0.3.96, contiene una vulnerabilidad de desbordamiento de búfer. La funcionalidad URL parsing en el endpoint cgi-bin del enrutador contiene un problema de desbordamiento del búfer que puede redirigir el flujo de control de la aplicación. • https://www.tenable.com/security/research/tra-2021-55 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-20170
https://notcve.org/view.php?id=CVE-2021-20170
Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed. • https://www.tenable.com/security/research/tra-2021-55 • CWE-798: Use of Hard-coded Credentials •
CVE-2021-20171
https://notcve.org/view.php?id=CVE-2021-20171
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. Netgear RAX43 versión 1.0.3.96, almacena información confidencial en texto plano. Todos los nombres de usuario y contraseñas de los servicios asociados al dispositivo se almacenan en texto plano en el dispositivo. • https://www.tenable.com/security/research/tra-2021-55 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2021-34991 – NETGEAR R6400v2 UPnP uuid Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-34991
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168 https://www.zerodayinitiative.com/advisories/ZDI-21-1303 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •