Details of VAR-202112-2047

ID

VAR-202112-2047

CVE

CVE-2021-20170

TITLE

Netgear RAX43 Vulnerability in using hard-coded credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017415

DESCRIPTION

Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed. Netgear RAX43 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Netgear RAX43 is a wireless router from Netgear. No detailed vulnerability details are currently provided

Trust: 2.25

sources: NVD: CVE-2021-20170 // JVNDB: JVNDB-2021-017415 // CNVD: CNVD-2022-02648 // VULMON: CVE-2021-20170

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-02648

AFFECTED PRODUCTS

vendor:	netgear	model:	rax43	scope:	eq	version:	1.0.3.96	Trust: 1.6
vendor:	ネットギア	model:	rax43	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax43	scope:	eq	version:	rax43 firmware 1.0.3.96	Trust: 0.8

sources: CNVD: CNVD-2022-02648 // JVNDB: JVNDB-2021-017415 // NVD: CVE-2021-20170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20170
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-20170
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-02648
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202112-2813
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-20170
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-02648
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20170
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20170
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-02648 // JVNDB: JVNDB-2021-017415 // CNNVD: CNNVD-202112-2813 // NVD: CVE-2021-20170

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.0
problemtype:	Use hard-coded credentials (CWE-798) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017415 // NVD: CVE-2021-20170

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2813

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202112-2813

PATCH

title:	Top Page	url:	https://www.netgear.com/	Trust: 0.8
title:	Patch for Unknown Vulnerability in Netgear RAX43 (CNVD-2022-02648)	url:	https://www.cnvd.org.cn/patchInfo/show/313021	Trust: 0.6
title:	Netgear RAX43 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176861	Trust: 0.6

sources: CNVD: CNVD-2022-02648 // JVNDB: JVNDB-2021-017415 // CNNVD: CNNVD-202112-2813

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20170	Trust: 3.9
db:	TENABLE	id:	TRA-2021-55	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-017415	Trust: 0.8
db:	CNVD	id:	CNVD-2022-02648	Trust: 0.6
db:	CS-HELP	id:	SB2022010311	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-2813	Trust: 0.6
db:	VULMON	id:	CVE-2021-20170	Trust: 0.1

sources: CNVD: CNVD-2022-02648 // VULMON: CVE-2021-20170 // JVNDB: JVNDB-2021-017415 // CNNVD: CNNVD-202112-2813 // NVD: CVE-2021-20170

REFERENCES

url:	https://www.tenable.com/security/research/tra-2021-55	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20170	Trust: 2.0
url:	https://www.cybersecurity-help.cz/vdb/sb2022010311	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-02648 // VULMON: CVE-2021-20170 // JVNDB: JVNDB-2021-017415 // CNNVD: CNNVD-202112-2813 // NVD: CVE-2021-20170

SOURCES

db:	CNVD	id:	CNVD-2022-02648
db:	VULMON	id:	CVE-2021-20170
db:	JVNDB	id:	JVNDB-2021-017415
db:	CNNVD	id:	CNNVD-202112-2813
db:	NVD	id:	CVE-2021-20170

LAST UPDATE DATE

2024-08-14T14:02:52.807000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-02648	date:	2022-01-12T00:00:00
db:	VULMON	id:	CVE-2021-20170	date:	2021-12-31T00:00:00
db:	JVNDB	id:	JVNDB-2021-017415	date:	2023-01-18T01:15:00
db:	CNNVD	id:	CNNVD-202112-2813	date:	2022-01-12T00:00:00
db:	NVD	id:	CVE-2021-20170	date:	2022-01-11T14:26:08.810

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-02648	date:	2022-01-12T00:00:00
db:	VULMON	id:	CVE-2021-20170	date:	2021-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-017415	date:	2023-01-18T00:00:00
db:	CNNVD	id:	CNNVD-202112-2813	date:	2021-12-30T00:00:00
db:	NVD	id:	CVE-2021-20170	date:	2021-12-30T22:15:09.607