CVE-2021-45732
First published: Thu Dec 30 2021(Updated: )
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear R6700 Firmware | =1.0.4.120 | |
| NETGEAR R6700 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-45732?
CVE-2021-45732 is a vulnerability in Netgear Nighthawk R6700 version 1.0.4.120 that allows an attacker to access configuration backups using a hardcoded credential.
How severe is CVE-2021-45732?
CVE-2021-45732 has a severity rating of 8.8 (high).
Is Netgear R6700 Firmware version 1.0.4.120 affected?
Yes, Netgear R6700 Firmware version 1.0.4.120 is affected by CVE-2021-45732.
How can an attacker exploit CVE-2021-45732?
An attacker can exploit CVE-2021-45732 by extracting the configuration using publicly available tools and the hardcoded credential.
Is the NETGEAR R6700 router vulnerable to CVE-2021-45732?
No, the NETGEAR R6700 router itself is not vulnerable to CVE-2021-45732.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/netgear
- canonical/netgear r6700 firmware
- version/netgear r6700 firmware/1.0.4.120
- canonical/netgear r6700