CVE-2021-34977
ID CVE-2021-34977
Shrnutí
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP requests. The issue results from the lack of proper authentication verification before performing a password reset. An attacker can leverage this vulnerability to reset the admin password. Was ZDI-CAN-13483.
Reference
Zranitelné konfigurace
cpe:2.3:o:netgear:r7000_firmware:1.0.11.116_10.2.100:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*
CVSS 5.8
CWE CWE-287
Přístupnost
authentication complexity vector
NONE LOW ADJACENT_NETWORK
authentication:
NONE
complexity:
LOW
vector:
ADJACENT_NETWORK
Dopad
availability confidentiality integrity
PARTIAL PARTIAL PARTIAL
availability:
PARTIAL
confidentiality:
PARTIAL
integrity:
PARTIAL
CVSS vektor AV:A/AC:L/Au:N/C:P/I:P/A:P
Poslední velká aktualizace 20.1.2022 - 14:46
Publikováno 13.1.2022 - 22:15
Poslédní úpravy 20.1.2022 - 14:46
Vendoři
Netgear
Zařízení
Štítky