CVE-2021-20174
First published: Thu Dec 30 2021(Updated: )
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear R6700 Firmware | =1.0.4.120 | |
| NETGEAR R6700 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-20174?
CVE-2021-20174 refers to a vulnerability in Netgear Nighthawk R6700 version 1.0.4.120 where the web interface does not utilize secure communication methods, leading to potentially sensitive information being transmitted in clear text.
How does CVE-2021-20174 impact Netgear Nighthawk R6700 version 1.0.4.120?
CVE-2021-20174 allows for usernames and passwords to be transmitted in clear text when accessing the web interface of the Netgear Nighthawk R6700 version 1.0.4.120.
What is the severity of CVE-2021-20174?
CVE-2021-20174 has a severity rating of high, with a CVSS score of 7.5.
How can I fix CVE-2021-20174?
To fix CVE-2021-20174, it is recommended to update the firmware of the Netgear Nighthawk R6700 to a version that utilizes secure communication methods for the web interface.
Where can I find more information about CVE-2021-20174?
More information about CVE-2021-20174 can be found at the following reference: https://www.tenable.com/security/research/tra-2021-57
- collector/nvd-index
- vendor/netgear
- canonical/netgear r6700 firmware
- version/netgear r6700 firmware/1.0.4.120
- canonical/netgear r6700