CVE-2021-44261

A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.

Published: Mar 17, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-44261
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
netgear / wac104_firmware	-	1.0.4.13.x
netgear / r7450_firmware	-	-
netgear / r6900_firmware	-	-
netgear / r7800_firmware	-	-
netgear / r6220_firmware	-	1.1.0.34_1.0.1.x

https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_W104_unauthorized_access_vulnerability_first.md
https://www.netgear.com/about/security/

Vulnerability Database

289,784

CVE-2021-44261