CVE-2021-41449

CWE-22 — Path Traversal3 documents3 sources

Severity

7.1HIGH

EPSS

1.4%

top 19.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Rax35 Firmware Netgear Rax38 Firmware Netgear Rax40 Firmware

Timeline

PublishedDec 9

Latest updateDec 10

Description

A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶NVDnetgear/rax35_firmware< 1.0.4.102

▶NVDnetgear/rax38_firmware< 1.0.4.102

▶NVDnetgear/rax40_firmware< 1.0.4.102

🔴Vulnerability Details

GHSA

GHSA-h4m4-4f78-3cq7: A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1↗2021-12-10

▶

CVEList

CVE-2021-41449: A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1↗2021-12-09

▶