Vulnerability Description
A path traversal vulnerability in the web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102 allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, by sending a specially crafted HTTP packet.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Rax35 Firmware | < 1.0.4.102 |
| Netgear | Rax35 | - |
| Netgear | Rax38 Firmware | < 1.0.4.102 |
| Netgear | Rax38 | - |
| Netgear | Rax40 Firmware | < 1.0.4.102 |
| Netgear | Rax40 | - |
Related Weaknesses (CWE)
References
- http://netgear.com (Vendor Advisory)
- http://rax40.com (Broken Link)
- https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Ro (Vendor Advisory)
- https://www.netgear.com/about/security/ (Vendor Advisory)
FAQ
What is CVE-2021-41449?
CVE-2021-41449 is a vulnerability with a CVSS score of 7.1 (HIGH). A path traversal vulnerability in the web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102 allows a remote unauthenticated attacker to gain access to sensitive restricted information, suc...
How severe is CVE-2021-41449?
CVE-2021-41449 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-41449?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Rax35 Firmware, Netgear Rax35, Netgear Rax38 Firmware, Netgear Rax38, Netgear Rax40 Firmware.