CVE-2021-20171
First published: Thu Dec 30 2021(Updated: )
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear Rax43 Firmware | =1.0.3.96 | |
| Netgear RAX43 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Netgear RAX43 issue?
The vulnerability ID for this issue is CVE-2021-20171.
What software version is affected by this vulnerability?
The Netgear RAX43 version 1.0.3.96 is affected by this vulnerability.
How does this vulnerability impact the stored sensitive information?
This vulnerability allows all usernames and passwords to be stored in plaintext on the device.
Is the admin password stored in plaintext in the primary configuration file?
Yes, the admin password is stored in plaintext in the primary configuration file.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is medium with a value of 5.5.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/netgear
- canonical/netgear rax43 firmware
- version/netgear rax43 firmware/1.0.3.96
- canonical/netgear rax43