CVE-2021-41449
published 2021-12-09CVE-2021-41449: A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access…
high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | rax35_firmware | < 1.0.4.102 | 1.0.4.102 |
| netgear | rax38_firmware | < 1.0.4.102 | 1.0.4.102 |
| netgear | rax40_firmware | < 1.0.4.102 | 1.0.4.102 |