CVE-2022-41545 — MEDIUM (6.4)

Vulnerability Description

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transport security by default, this renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN, or a LAN, should the adversary be able to perform a man-in-the-middle attack.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	C7800 Firmware	6.01.07
Netgear	C7800	-

Related Weaknesses (CWE)

CWE-319

References

https://seclists.org/fulldisclosure/2025/Feb/12Mailing ListThird Party Advisory
https://www.netgear.com/about/security/Vendor Advisory
https://www.netgear.com/images/datasheet/networking/cablemodems/C7800.pdfProduct
http://seclists.org/fulldisclosure/2025/Feb/12Mailing ListThird Party Advisory

FAQ

What is CVE-2022-41545?

CVE-2022-41545 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 ...

How severe is CVE-2022-41545?

CVE-2022-41545 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-41545?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear C7800 Firmware, Netgear C7800.