← voltar
CVE-2021-34870

CVE-2021-34870

CVSS 6.5 MEDIUMEPSS 0.9%CWE-306
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.5EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
25 jan 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13325.
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
NETGEAR · XR1000

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://kb.netgear.com/000063967/Security-Advisory-for-a-Security-Misconfiguration-Vulnerability-on-the-XR1000-PSV-2021-0101https://www.zerodayinitiative.com/advisories/ZDI-21-1058/