CVE-2021-20170
Summary
| CVE | CVE-2021-20170 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-30 22:15:00 UTC |
| Updated | 2022-01-11 14:26:00 UTC |
| Description | Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed. |
Risk And Classification
Problem Types: CWE-798
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Netgear | Rax43 | - | All | All | All |
| Operating System | Netgear | Rax43 Firmware | 1.0.3.96 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Netgear Nighthawk RAX43 Multiple Vulnerabilities - Research Advisory | Tenable® | MISC | www.tenable.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.