CVE-2021-45077

CWE-312Cleartext Storage of Sensitive InfoCWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
7.5HIGH
EPSS
0.1%
top 64.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netgear R6700 Firmware
Timeline
PublishedDec 30
Latest updateDec 31

Description

Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5netgear_nighthawk_r67001.0.4.120
NVDnetgear/r6700_firmware1.0.4.120

🔴Vulnerability Details

2
GHSA
GHSA-h2wq-r4cc-9wqv: Netgear Nighthawk R6700 version 12021-12-31
CVEList
CVE-2021-45077: Netgear Nighthawk R6700 version 12021-12-30
CVE-2021-45077 (HIGH CVSS 7.5) | Netgear Nighthawk R6700 version 1.0 | cvebase.io