Path Traversal Vulnerability in Netgear Routers RAX35, RAX38, and RAX40
CVE-2021-41449

7.1HIGH

Key Information:

Vendor
Netgear
Status
Rax35 Firmware
Vendor
CVE Published:
9 December 2021

Summary

A path traversal vulnerability exists in the web interfaces of Netgear RAX35, RAX38, and RAX40 routers prior to version 1.0.4.102. This flaw enables a remote, unauthenticated attacker to exploit the system by crafting a special HTTP packet that can access sensitive information, including files that should be restricted. This can lead to unauthorized disclosure of information, posing security risks to users and their data.

References

http://netgear.com
x_refsource_MISC
https://www.netgear.com/about/security/
x_refsource_MISC
http://rax40.com
x_refsource_MISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.