CVE-2021-20171

MEDIUM

Netgear RAX43 1.0.3.96 - Cleartext Storage of Sensitive Information in Configuration File

Title source: llm
STIX 2.1

Description

Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2021-55

Scores

CVSS v3 5.5
EPSS 0.0006
EPSS Percentile 18.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-312
Status published
Products (1)
netgear/rax43_firmware 1.0.3.96
Published Dec 30, 2021
Tracked Since Feb 18, 2026