CVE-2021-20170
https://notcve.org/view.php?id=CVE-2021-20170
Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. Configuration backups are encrypted, so it does not appear that normal users are intended to be able to manipulate them. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore the backup, causing these settings to be changed. • https://www.tenable.com/security/research/tra-2021-55 • CWE-798: Use of Hard-coded Credentials
CVE-2021-20171
https://notcve.org/view.php?id=CVE-2021-20171
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. • https://www.tenable.com/security/research/tra-2021-55 • CWE-312: Cleartext Storage of Sensitive Information
CVE-2021-45493
https://notcve.org/view.php?id=CVE-2021-45493
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102. • https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45494
https://notcve.org/view.php?id=CVE-2021-45494
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. • https://kb.netgear.com/000064160/Security-Advisory-for-Arbitrary-File-Read-on-Some-WiFi-Systems-PSV-2021-0044
CVE-2021-45495
https://notcve.org/view.php?id=CVE-2021-45495
NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass. • https://kb.netgear.com/000064055/Security-Advisory-for-Authentication-Bypass-on-D7000-PSV-2018-0631