CVE-2021-20169

EUVD-2021-7626
Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
netgearrax43_firmware
1.0.3.96
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.tenable.com/security/research/tra-2021-55
https://www.tenable.com/security/research/tra-2021-55