ID

VAR-202112-2039


CVE

CVE-2021-45077


TITLE

Netgear Nighthawk R6700  Vulnerability in plaintext storage of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017367

DESCRIPTION

Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. The Netgear Nighthawk R6700 is a wireless router from Netgear

Trust: 2.25

sources: NVD: CVE-2021-45077 // JVNDB: JVNDB-2021-017367 // CNVD: CNVD-2022-02652 // VULMON: CVE-2021-45077

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-02652

AFFECTED PRODUCTS

vendor:netgearmodel:r6700scope:eqversion:1.0.4.120

Trust: 1.0

vendor:ネットギアmodel:r6700scope:eqversion:r6700 firmware 1.0.4.120

Trust: 0.8

vendor:ネットギアmodel:r6700scope:eqversion: -

Trust: 0.8

vendor:netgearmodel:nighthawk r6700scope:eqversion:1.0.4.120

Trust: 0.6

sources: CNVD: CNVD-2022-02652 // JVNDB: JVNDB-2021-017367 // NVD: CVE-2021-45077

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-45077
value: HIGH

Trust: 1.0

NVD: CVE-2021-45077
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-02652
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202112-2819
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-45077
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-02652
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-45077
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-45077
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-02652 // JVNDB: JVNDB-2021-017367 // CNNVD: CNNVD-202112-2819 // NVD: CVE-2021-45077

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype:Plaintext storage of important information (CWE-312) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-017367 // NVD: CVE-2021-45077

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2819

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202112-2819

PATCH

title:Top Pageurl:https://www.netgear.com/

Trust: 0.8

title:Patch for Netgear Nighthawk R6700 Encryption Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/312986

Trust: 0.6

title:Netgear Nighthawk R6700 Fixes for encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176866

Trust: 0.6

sources: CNVD: CNVD-2022-02652 // JVNDB: JVNDB-2021-017367 // CNNVD: CNNVD-202112-2819

EXTERNAL IDS

db:NVDid:CVE-2021-45077

Trust: 3.9

db:TENABLEid:TRA-2021-57

Trust: 2.5

db:JVNDBid:JVNDB-2021-017367

Trust: 0.8

db:CNVDid:CNVD-2022-02652

Trust: 0.6

db:CS-HELPid:SB2022010310

Trust: 0.6

db:CNNVDid:CNNVD-202112-2819

Trust: 0.6

db:VULMONid:CVE-2021-45077

Trust: 0.1

sources: CNVD: CNVD-2022-02652 // VULMON: CVE-2021-45077 // JVNDB: JVNDB-2021-017367 // CNNVD: CNNVD-202112-2819 // NVD: CVE-2021-45077

REFERENCES

url:https://www.tenable.com/security/research/tra-2021-57

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-45077

Trust: 2.0

url:https://www.cybersecurity-help.cz/vdb/sb2022010310

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-02652 // VULMON: CVE-2021-45077 // JVNDB: JVNDB-2021-017367 // CNNVD: CNNVD-202112-2819 // NVD: CVE-2021-45077

SOURCES

db:CNVDid:CNVD-2022-02652
db:VULMONid:CVE-2021-45077
db:JVNDBid:JVNDB-2021-017367
db:CNNVDid:CNNVD-202112-2819
db:NVDid:CVE-2021-45077

LAST UPDATE DATE

2024-11-23T22:05:04.983000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-02652date:2022-01-12T00:00:00
db:VULMONid:CVE-2021-45077date:2021-12-31T00:00:00
db:JVNDBid:JVNDB-2021-017367date:2023-01-17T05:49:00
db:CNNVDid:CNNVD-202112-2819date:2022-07-14T00:00:00
db:NVDid:CVE-2021-45077date:2024-11-21T06:31:54.170

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-02652date:2022-01-12T00:00:00
db:VULMONid:CVE-2021-45077date:2021-12-30T00:00:00
db:JVNDBid:JVNDB-2021-017367date:2023-01-17T00:00:00
db:CNNVDid:CNNVD-202112-2819date:2021-12-30T00:00:00
db:NVDid:CVE-2021-45077date:2021-12-30T22:15:10.007