First published: Thu Dec 09 2021
A path traversal vulnerability in the web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102 allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, by sending a specially crafted HTTP packet.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Rax35 Firmware | <1.0.4.102 | |
Netgear RAX35 | | |
Netgear Rax38 Firmware | <1.0.4.102 | |
Netgear Rax38 | | |
Netgear Rax40 Firmware | <1.0.4.102 | |
NETGEAR RAX40 | | |
The vulnerability ID of this path traversal attack is CVE-2021-41449.
The Netgear RAX35, RAX38, and RAX40 routers are affected by this path traversal vulnerability.
The severity of CVE-2021-41449 is high with a CVSS score of 7.1.
A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP packet to gain access to sensitive restricted information.
It is recommended to update the firmware of the affected routers to version 1.0.4.102 or newer to mitigate this vulnerability.