CVE-2021-20175
First published: Thu Dec 30 2021(Updated: )
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface (port 5000) is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear R6700 Firmware | =1.0.4.120 | |
| NETGEAR R6700 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2021-20175.
What is the severity level of CVE-2021-20175?
The severity level of CVE-2021-20175 is high, with a CVSS score of 7.5.
What is the affected software version for CVE-2021-20175?
The affected software version for CVE-2021-20175 is Netgear Nighthawk R6700 version 1.0.4.120.
What is the potential risk of CVE-2021-20175?
CVE-2021-20175 can potentially expose sensitive information, such as usernames and passwords, due to the lack of secure communication methods in the SOAP interface of Netgear Nighthawk R6700 version 1.0.4.120.
How can I mitigate CVE-2021-20175?
To mitigate CVE-2021-20175, it is recommended to update to a firmware version that utilizes secure communication methods for the SOAP interface or apply any patches or fixes provided by Netgear.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/last-modified-date
- vendor/netgear
- canonical/netgear r6700 firmware
- version/netgear r6700 firmware/1.0.4.120
- canonical/netgear r6700