CVE-2021-20171

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 81.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netgear Rax43 Firmware
Timeline
PublishedDec 30
Latest updateDec 31

Description

Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5netgear_rax431.0.3.96

🔴Vulnerability Details

2
GHSA
GHSA-7ggp-fc92-x5m6: Netgear RAX43 version 12021-12-31
CVEList
CVE-2021-20171: Netgear RAX43 version 12021-12-30
CVE-2021-20171 (MEDIUM CVSS 5.5) | Netgear RAX43 version 1.0.3.96 stor | cvebase.io