cbcvebase.
CVE-2021-34983
published 2024-05-07

CVE-2021-34983: NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent…

medium6.5CVSS 3.0
AVAACLPRNUINSUCHINAN
NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.

Affected

53 ranges· showing 25
VendorProductVersion rangeFixed in
netgeard6220_firmware< 1.0.0.761.0.0.76
netgeard6400_firmware< 1.0.0.1081.0.0.108
netgeard7000v2_firmware< 1.0.0.761.0.0.76
netgeardc112a_firmware< 1.0.0.621.0.0.62
netgeardgn2200v4_firmware< 1.0.0.1261.0.0.126
netgearex3700_firmware< 1.0.0.941.0.0.94
netgearex3800_firmware< 1.0.0.941.0.0.94
netgearex6120_firmware< 1.0.0.661.0.0.66
netgearex6130_firmware< 1.0.0.461.0.0.46
netgearex7000_firmware< 1.0.1.1061.0.1.106
netgearex7500_firmware< 1.0.1.761.0.1.76
netgearlax20_firmware< 1.1.6.301.1.6.30
netgearmr60_firmware< 1.1.6.1221.1.6.122
netgearmr80_firmware< 1.1.6.101.1.6.10
netgearms60_firmware< 1.1.6.1221.1.6.122
netgearms80_firmware< 1.1.6.101.1.6.10
netgearmultiple_routers
netgearr6400_firmware< 1.0.1.761.0.1.76
netgearr6400v2_firmware< 1.0.4.1201.0.4.120
netgearr6700v3_firmware< 1.0.4.1201.0.4.120
netgearr6900p_firmware< 1.3.3.1481.3.3.148
netgearr7000_firmware< 1.0.11.1281.0.11.128
netgearr7000p_firmware< 1.3.3.1481.3.3.148
netgearr7100lg_firmware< 1.0.0.721.0.0.72
netgearr7850_firmware< 1.0.5.761.0.5.76