CVE-2021-20171

Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.

Published: Dec 30, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-20171
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-312

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
netgear / rax43_firmware	1.0.3.96	1.0.3.96.x

https://www.tenable.com/security/research/tra-2021-55

Vulnerability Database

289,697

CVE-2021-20171