Page 3 of 21 results (0.003 seconds)
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34870 – NETGEAR XR1000 UPnP SOAPAction Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34870
08 Sep 2021 — This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. • https://kb.netgear.com/000063967/Security-Advisory-for-a-Security-Misconfiguration-Vulnerability-on-the-XR1000-PSV-2021-0101 • CWE-306: Missing Authentication for Critical Function •