Description

NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.

INFO

Published Date :

2024-05-07T22:54:51.052Z

Last Modified :

2024-08-04T00:26:55.842Z

Source :

zdi
AFFECTED PRODUCTS

The following products are affected by CVE-2021-34983 vulnerability.

Vendors Products
Netgear
  • D6220
  • D6220 Firmware
  • D6400
  • D6400 Firmware
  • D7000v2
  • D7000v2 Firmware
  • Dc112a
  • Dc112a Firmware
  • Dgn2200v4
  • Dgn2200v4 Firmware
  • Ex3700
  • Ex3700 Firmware
  • Ex3800
  • Ex3800 Firmware
  • Ex6120
  • Ex6120 Firmware
  • Ex6130
  • Ex6130 Firmware
  • Ex7000
  • Ex7000 Firmware
  • Ex7500
  • Ex7500 Firmware
  • Lax20
  • Lax20 Firmware
  • Mr60
  • Mr60 Firmware
  • Mr80
  • Mr80 Firmware
  • Ms60
  • Ms60 Firmware
  • Ms80
  • Ms80 Firmware
  • R6400
  • R6400 Firmware
  • R6400v2
  • R6400v2 Firmware
  • R6700v3
  • R6700v3 Firmware
  • R6900p
  • R6900p Firmware
  • R7000
  • R7000 Firmware
  • R7000p
  • R7000p Firmware
  • R7100lg
  • R7100lg Firmware
  • R7850
  • R7850 Firmware
  • R7900p
  • R7900p Firmware
  • R7960p
  • R7960p Firmware
  • R8000
  • R8000 Firmware
  • R8000p
  • R8000p Firmware
  • R8300
  • R8300 Firmware
  • R8500
  • R8500 Firmware
  • Rax15
  • Rax15 Firmware
  • Rax20
  • Rax200
  • Rax200 Firmware
  • Rax20 Firmware
  • Rax35v2
  • Rax35v2 Firmware
  • Rax38v2
  • Rax38v2 Firmware
  • Rax40v2
  • Rax40v2 Firmware
  • Rax42
  • Rax42 Firmware
  • Rax43
  • Rax43 Firmware
  • Rax45
  • Rax45 Firmware
  • Rax48
  • Rax48 Firmware
  • Rax50
  • Rax50 Firmware
  • Rax50s
  • Rax50s Firmware
  • Rax75
  • Rax75 Firmware
  • Rax80
  • Rax80 Firmware
  • Raxe450
  • Raxe450 Firmware
  • Raxe500
  • Raxe500 Firmware
  • Rs400
  • Rs400 Firmware
  • V6510-1fxaus
  • V6510-1fxaus Firmware
  • Wndr3400v3
  • Wndr3400v3 Firmware
  • Wnr3500lv2
  • Wnr3500lv2 Firmware
  • Xr1000
  • Xr1000 Firmware
  • Xr300
  • Xr300 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2021-34983.

URL Resource
https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159 cve-icon cve-icon
https://www.zerodayinitiative.com/advisories/ZDI-21-1275/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact