Unauthorized Access Vulnerability in Netgear RAX43
CVE-2021-20168

6.8MEDIUM

Key Information:

Vendor: Netgear
Status: Netgear Rax43
Vendor: CVE Published:; 30 December 2021

What is CVE-2021-20168?

The Netgear RAX43 version 1.0.3.96 features an inadequate security measure for its UART interface. This weakness allows an attacker with physical access to the device to connect through the UART port using a serial connection. Once connected, the attacker can log in using default credentials (admin:admin) and gain root access, enabling them to execute arbitrary commands, which poses significant security risks to the device and its network.

Affected Version(s)

Netgear RAX43 1.0.3.96

References

https://www.tenable.com/security/research/tra-2021-55

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2021
Vulnerability Reserved
Dec 17, 2020