CVE-2021-34983 — MEDIUM (6.5)

Q: How severe is CVE-2021-34983?

CVE-2021-34983 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-34983?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Xr1000 Firmware, Netgear Xr1000, Netgear Xr300 Firmware, Netgear Xr300, Netgear D6220 Firmware.

Vulnerability Description

NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Netgear	Xr1000 Firmware	< 1.0.0.64
Netgear	Xr1000	-
Netgear	Xr300 Firmware	< 1.0.3.68
Netgear	Xr300	-
Netgear	D6220 Firmware	< 1.0.0.76
Netgear	D6220	-
Netgear	D6400 Firmware	< 1.0.0.108
Netgear	D6400	-
Netgear	D7000V2 Firmware	< 1.0.0.76
Netgear	D7000V2	-
Netgear	Dgn2200V4 Firmware	< 1.0.0.126
Netgear	Dgn2200V4	-
Netgear	V6510-1Fxaus Firmware	< 1.0.0.80
Netgear	V6510-1Fxaus	-
Netgear	Dc112A Firmware	< 1.0.0.62
Netgear	Dc112A	-
Netgear	Ex3700 Firmware	< 1.0.0.94
Netgear	Ex3700	-
Netgear	Ex3800 Firmware	< 1.0.0.94
Netgear	Ex3800	-

Related Weaknesses (CWE)

CWE-306

References

https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-BufferVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1275/Third Party Advisory
https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-BufferVendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1275/Third Party Advisory

FAQ

What is CVE-2021-34983?

CVE-2021-34983 is a vulnerability with a CVSS score of 6.5 (MEDIUM). NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information...

How severe is CVE-2021-34983?

CVE-2021-34983 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-34983?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Xr1000 Firmware, Netgear Xr1000, Netgear Xr300 Firmware, Netgear Xr300, Netgear D6220 Firmware.