CVE-2021-45732

CWE-798Hard-coded Credentials3 documents3 sources
Severity
8.8HIGH
EPSS
0.3%
top 47.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netgear R6700 Firmware
Timeline
PublishedDec 30
Latest updateDec 31

Description

Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5netgear_nighthawk_r67001.0.4.120
NVDnetgear/r6700_firmware1.0.4.120

🔴Vulnerability Details

2
GHSA
GHSA-6x2m-2w3q-qqp5: Netgear Nighthawk R6700 version 12021-12-31
CVEList
CVE-2021-45732: Netgear Nighthawk R6700 version 12021-12-30
CVE-2021-45732 (HIGH CVSS 8.8) | Netgear Nighthawk R6700 version 1.0 | cvebase.io