Description
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2021-57
Scores
CVSS v3
8.8
EPSS
0.0029
EPSS Percentile
52.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
netgear/r6700_firmware
1.0.4.120
Published
Dec 30, 2021
Tracked Since
Feb 18, 2026