Details of VAR-202112-2046

ID

VAR-202112-2046

CVE

CVE-2021-20171

TITLE

Netgear RAX43 Vulnerability in plaintext storage of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017414

DESCRIPTION

Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. Netgear RAX43 is a wireless router from Netgear. No detailed vulnerability details are currently available

Trust: 2.25

sources: NVD: CVE-2021-20171 // JVNDB: JVNDB-2021-017414 // CNVD: CNVD-2022-02662 // VULMON: CVE-2021-20171

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-02662

AFFECTED PRODUCTS

vendor:	netgear	model:	rax43	scope:	eq	version:	1.0.3.96	Trust: 1.6
vendor:	ネットギア	model:	rax43	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax43	scope:	eq	version:	rax43 firmware 1.0.3.96	Trust: 0.8

sources: CNVD: CNVD-2022-02662 // JVNDB: JVNDB-2021-017414 // NVD: CVE-2021-20171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20171
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-20171
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-02662
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202112-2814
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-20171
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-02662
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20171
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20171
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-02662 // JVNDB: JVNDB-2021-017414 // CNNVD: CNNVD-202112-2814 // NVD: CVE-2021-20171

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017414 // NVD: CVE-2021-20171

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2814

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-2814

PATCH

title:	Top Page	url:	https://www.netgear.com/	Trust: 0.8
title:	Patch for Unknown Vulnerability in Netgear RAX43	url:	https://www.cnvd.org.cn/patchInfo/show/314011	Trust: 0.6
title:	Netgear RAX43 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176862	Trust: 0.6

sources: CNVD: CNVD-2022-02662 // JVNDB: JVNDB-2021-017414 // CNNVD: CNNVD-202112-2814

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20171	Trust: 3.9
db:	TENABLE	id:	TRA-2021-55	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-017414	Trust: 0.8
db:	CNVD	id:	CNVD-2022-02662	Trust: 0.6
db:	CS-HELP	id:	SB2022010311	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-2814	Trust: 0.6
db:	VULMON	id:	CVE-2021-20171	Trust: 0.1

sources: CNVD: CNVD-2022-02662 // VULMON: CVE-2021-20171 // JVNDB: JVNDB-2021-017414 // CNNVD: CNNVD-202112-2814 // NVD: CVE-2021-20171

REFERENCES

url:	https://www.tenable.com/security/research/tra-2021-55	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20171	Trust: 2.0
url:	https://www.cybersecurity-help.cz/vdb/sb2022010311	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-02662 // VULMON: CVE-2021-20171 // JVNDB: JVNDB-2021-017414 // CNNVD: CNNVD-202112-2814 // NVD: CVE-2021-20171

SOURCES

db:	CNVD	id:	CNVD-2022-02662
db:	VULMON	id:	CVE-2021-20171
db:	JVNDB	id:	JVNDB-2021-017414
db:	CNNVD	id:	CNNVD-202112-2814
db:	NVD	id:	CVE-2021-20171

LAST UPDATE DATE

2024-08-14T14:02:52.708000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-02662	date:	2022-01-17T00:00:00
db:	VULMON	id:	CVE-2021-20171	date:	2021-12-31T00:00:00
db:	JVNDB	id:	JVNDB-2021-017414	date:	2023-01-18T01:09:00
db:	CNNVD	id:	CNNVD-202112-2814	date:	2022-01-12T00:00:00
db:	NVD	id:	CVE-2021-20171	date:	2022-01-11T14:36:09.337

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-02662	date:	2022-01-12T00:00:00
db:	VULMON	id:	CVE-2021-20171	date:	2021-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-017414	date:	2023-01-18T00:00:00
db:	CNNVD	id:	CNNVD-202112-2814	date:	2021-12-30T00:00:00
db:	NVD	id:	CVE-2021-20171	date:	2021-12-30T22:15:09.657