Basic Authentication Vulnerability in Netgear C7800 Router
CVE-2022-41545

6.4MEDIUM

Key Information:

Vendor: Netgear
Status: C7800 Router
Vendor: CVE Published:; 18 February 2025

Summary

The administrative web interface of the Netgear C7800 Router is susceptible to a basic authentication flaw, allowing the transmission of sensitive login credentials as a base64 encoded value within HTTP headers. This occurs over unsecured connections, making it possible for attackers to easily intercept user credentials during network communication. The lack of inherent transport security in the router’s configuration exacerbates the risk, especially in scenarios involving man-in-the-middle attacks. Users are strongly advised to mitigate this risk by ensuring secure communication channels and considering alternative security measures.

References

https://www.netgear.com/about/security/

https://www.netgear.com/images/datasheet/networking/cable...

https://seclists.org/fulldisclosure/2025/Feb/12

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Sep 26, 2022