1. Home
  2. CVE Database
  3. CVE-2021-20170
HIGH · 8.8

CVE-2021-20170

Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encryp...

Vulnerability Description

Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
NetgearRax43 Firmware1.0.3.96
NetgearRax43-

Related Weaknesses (CWE)

CWE-798

References

FAQ

What is CVE-2021-20170?

CVE-2021-20170 is a vulnerability with a CVSS score of 8.8 (HIGH). Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encryp...

How severe is CVE-2021-20170?

CVE-2021-20170 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-20170?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Rax43 Firmware, Netgear Rax43.