CVE-2021-23147
First published: Thu Dec 30 2021(Updated: )
Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection and execute commands as the root user without authentication.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear R6700 Firmware | =1.0.4.120 | |
| NETGEAR R6700 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-23147?
CVE-2021-23147 is a vulnerability in the Netgear Nighthawk R6700 router firmware version 1.0.4.120 that allows a malicious actor with physical access to the device to execute commands as the root user without authentication.
How does CVE-2021-23147 impact the Netgear Nighthawk R6700 router?
CVE-2021-23147 allows an attacker who has physical access to the router to connect to the UART port and gain root access without authentication.
What is the severity of CVE-2021-23147?
CVE-2021-23147 has a severity rating of 6.8 (high).
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-23147?
The Common Weakness Enumeration (CWE) ID for CVE-2021-23147 is CWE-287.
How can I fix the CVE-2021-23147 vulnerability in my Netgear Nighthawk R6700 router?
To fix the CVE-2021-23147 vulnerability, update your Netgear Nighthawk R6700 router firmware to a version that includes sufficient protections for the UART console.
- collector/nvd-index
- agent/weakness
- vendor/netgear
- canonical/netgear r6700 firmware
- version/netgear r6700 firmware/1.0.4.120
- canonical/netgear r6700