CVE-2021-34870

Sažetak

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13325.

Reference

https://www.zerodayinitiative.com/advisories/ZDI-21-1058/
https://kb.netgear.com/000063967/Security-Advisory-for-a-Security-Misconfiguration-Vulnerability-on-the-XR1000-PSV-2021-0101

CVSS

Base:	3.3
Impact:	2.9
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:A/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

31-01-2022 - 19:33

Objavljeno

25-01-2022 - 16:15