ID

VAR-202112-0541


CVE

CVE-2021-41449


TITLE

Path Traversal Vulnerability in Multiple Netgear Routers

Trust: 0.8

sources: JVNDB: JVNDB-2021-016141

DESCRIPTION

A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102 allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, by sending a specially crafted HTTP packet. Netgear RAX35, RAX38, and RAX40 routers contain a path traversal vulnerability. Information may be obtained and service operation may be interrupted (DoS). Netgear RAX35 is a router from Netgear, a hardware device that connects two or more networks and acts as a gateway between them. Netgear RAX35, RAX38 and RAX40 routers v1.0.4.102 and earlier versions of the firmware have an access control error vulnerability. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles.

Trust: 2.25

sources: NVD: CVE-2021-41449 // JVNDB: JVNDB-2021-016141 // CNVD: CNVD-2021-102000 // VULMON: CVE-2021-41449

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-102000

AFFECTED PRODUCTS

vendor: netgear, model: rax40, scope: lt, version: 1.0.4.102

Trust: 1.0

vendor: netgear, model: rax35, scope: lt, version: 1.0.4.102

Trust: 1.0

vendor: netgear, model: rax38, scope: lt, version: 1.0.4.102

Trust: 1.0

vendor: Netgear (ネットギア), model: rax38, scope: -, version: -

Trust: 0.8

vendor: Netgear (ネットギア), model: rax35, scope: -, version: -

Trust: 0.8

vendor: Netgear (ネットギア), model: rax40, scope: -, version: -

Trust: 0.8

vendor: netgear, model: rax35, scope: lt, version: v1.0.4.102

Trust: 0.6

vendor: netgear, model: rax38, scope: lt, version: v1.0.4.102

Trust: 0.6

vendor: netgear, model: rax40, scope: lt, version: v1.0.4.102

Trust: 0.6

sources: CNVD: CNVD-2021-102000 // JVNDB: JVNDB-2021-016141 // NVD: CVE-2021-41449

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-41449
value: HIGH

Trust: 1.0

NVD: CVE-2021-41449
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-102000
value: LOW

Trust: 0.6

CNNVD: CNNVD-202112-732
value: HIGH

Trust: 0.6

VULMON: CVE-2021-41449
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-41449
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-102000
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2021-41449
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-41449
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-102000 // VULMON: CVE-2021-41449 // JVNDB: JVNDB-2021-016141 // CNNVD: CNNVD-202112-732 // NVD: CVE-2021-41449

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016141 // NVD: CVE-2021-41449

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-732

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202112-732

PATCH

title: Security Advisory for Path Traversal on Some Routers, PSV-2021-0268, url: https://www.netgear.com/

Trust: 0.8

title: Patch for Netgear Access Control Error Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/310031

Trust: 0.6

title: Netgear Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174228

Trust: 0.6

title: -, url: https://github.com/efchatz/easy-exploits

Trust: 0.1

sources: CNVD: CNVD-2021-102000 // VULMON: CVE-2021-41449 // JVNDB: JVNDB-2021-016141 // CNNVD: CNNVD-202112-732

EXTERNAL IDS

db: NVD, id: CVE-2021-41449

Trust: 3.9

db: JVNDB, id: JVNDB-2021-016141

Trust: 0.8

db: CNVD, id: CNVD-2021-102000

Trust: 0.6

db: CNNVD, id: CNNVD-202112-732

Trust: 0.6

db: VULMON, id: CVE-2021-41449

Trust: 0.1

sources: CNVD: CNVD-2021-102000 // VULMON: CVE-2021-41449 // JVNDB: JVNDB-2021-016141 // CNNVD: CNNVD-202112-732 // NVD: CVE-2021-41449

REFERENCES

url:http://netgear.com

Trust: 2.3

url:https://kb.netgear.com/000064405/security-advisory-for-path-traversal-on-some-routers-psv-2021-0268

Trust: 1.7

url:https://www.netgear.com/about/security/

Trust: 1.7

url:http://rax40.com

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-41449

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/efchatz/easy-exploits

Trust: 0.1

sources: CNVD: CNVD-2021-102000 // VULMON: CVE-2021-41449 // JVNDB: JVNDB-2021-016141 // CNNVD: CNNVD-202112-732 // NVD: CVE-2021-41449

SOURCES

db: CNVD, id: CNVD-2021-102000
db: VULMON, id: CVE-2021-41449
db: JVNDB, id: JVNDB-2021-016141
db: CNNVD, id: CNNVD-202112-732
db: NVD, id: CVE-2021-41449

LAST UPDATE DATE

2024-11-23T22:10:57.447000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-102000, date: 2021-12-24T00:00:00
db: VULMON, id: CVE-2021-41449, date: 2021-12-13T00:00:00
db: JVNDB, id: JVNDB-2021-016141, date: 2022-12-07T05:58:00
db: CNNVD, id: CNNVD-202112-732, date: 2021-12-14T00:00:00
db: NVD, id: CVE-2021-41449, date: 2024-11-21T06:26:16.017

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-102000, date: 2021-12-24T00:00:00
db: VULMON, id: CVE-2021-41449, date: 2021-12-09T00:00:00
db: JVNDB, id: JVNDB-2021-016141, date: 2022-12-07T00:00:00
db: CNNVD, id: CNNVD-202112-732, date: 2021-12-09T00:00:00
db: NVD, id: CVE-2021-41449, date: 2021-12-09T14:15:12.563