Insecure Communications in Netgear RAX43 Web Interface
CVE-2021-20169

6.8MEDIUM

Key Information:

Vendor: Netgear
Status: Netgear Rax43
Vendor: CVE Published:; 30 December 2021

Summary

The Netgear RAX43, specifically version 1.0.3.96, suffers from a vulnerability where the web interface does not employ secure communication protocols. Instead, all data exchanged with the device occurs over HTTP, which can expose sensitive information such as usernames and passwords in cleartext. This flaw raises significant security concerns, as attackers could intercept unencrypted traffic and gain unauthorized access to critical data.

Affected Version(s)

Netgear RAX43 1.0.3.96

References

https://www.tenable.com/security/research/tra-2021-55

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 30, 2021
Vulnerability Reserved
Dec 17, 2020