CVE-2021-34983

EPSS 0.18%
Published 07.05.2024 23:15:13
Last modified 14.08.2025 01:40:56
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Xr1000 Firmware Version < 1.0.0.64

Netgear ≫ Xr1000 Version-

Netgear ≫ Xr300 Firmware Version < 1.0.3.68

Netgear ≫ Xr300 Version-

Netgear ≫ D6220 Firmware Version < 1.0.0.76

Netgear ≫ D6220 Version-

Netgear ≫ D6400 Firmware Version < 1.0.0.108

Netgear ≫ D6400 Version-

Netgear ≫ D7000v2 Firmware Version < 1.0.0.76

Netgear ≫ D7000v2 Version-

Netgear ≫ Dgn2200v4 Firmware Version < 1.0.0.126

Netgear ≫ Dgn2200v4 Version-

Netgear ≫ V6510-1fxaus Firmware Version < 1.0.0.80

Netgear ≫ V6510-1fxaus Version-

Netgear ≫ Dc112a Firmware Version < 1.0.0.62

Netgear ≫ Dc112a Version-

Netgear ≫ Ex3700 Firmware Version < 1.0.0.94

Netgear ≫ Ex3700 Version-

Netgear ≫ Ex3800 Firmware Version < 1.0.0.94

Netgear ≫ Ex3800 Version-

Netgear ≫ Ex6120 Firmware Version < 1.0.0.66

Netgear ≫ Ex6120 Version-

Netgear ≫ Ex6130 Firmware Version < 1.0.0.46

Netgear ≫ Ex6130 Version-

Netgear ≫ Ex7000 Firmware Version < 1.0.1.106

Netgear ≫ Ex7000 Version-

Netgear ≫ Ex7500 Firmware Version < 1.0.1.76

Netgear ≫ Ex7500 Version-

Netgear ≫ Mr60 Firmware Version < 1.1.6.122

Netgear ≫ Mr60 Version-

Netgear ≫ Mr80 Firmware Version < 1.1.6.10

Netgear ≫ Mr80 Version-

Netgear ≫ Ms60 Firmware Version < 1.1.6.122

Netgear ≫ Ms60 Version-

Netgear ≫ Ms80 Firmware Version < 1.1.6.10

Netgear ≫ Ms80 Version-

Netgear ≫ Lax20 Firmware Version < 1.1.6.30

Netgear ≫ Lax20 Version-

Netgear ≫ R6400 Firmware Version < 1.0.1.76

Netgear ≫ R6400 Version-

Netgear ≫ R6400v2 Firmware Version < 1.0.4.120

Netgear ≫ R6400v2 Version-

Netgear ≫ R6700v3 Firmware Version < 1.0.4.120

Netgear ≫ R6700v3 Version-

Netgear ≫ R6900p Firmware Version < 1.3.3.148

Netgear ≫ R6900p Version-

Netgear ≫ R7000 Firmware Version < 1.0.11.128

Netgear ≫ R7000 Version-

Netgear ≫ R7000p Firmware Version < 1.3.3.148

Netgear ≫ R7000p Version-

Netgear ≫ R7100lg Firmware Version < 1.0.0.72

Netgear ≫ R7100lg Version-

Netgear ≫ R7850 Firmware Version < 1.0.5.76

Netgear ≫ R7850 Version-

Netgear ≫ R7900p Firmware Version < 1.4.2.84

Netgear ≫ R7900p Version-

Netgear ≫ R7960p Firmware Version < 1.4.2.84

Netgear ≫ R7960p Version-

Netgear ≫ R8000 Firmware Version < 1.0.4.76

Netgear ≫ R8000 Version-

Netgear ≫ R8000p Firmware Version < 1.4.2.84

Netgear ≫ R8000p Version-

Netgear ≫ R8300 Firmware Version < 1.0.2.156

Netgear ≫ R8300 Version-

Netgear ≫ R8500 Firmware Version < 1.0.2.156

Netgear ≫ R8500 Version-

Netgear ≫ Rax15 Firmware Version < 1.0.4.100

Netgear ≫ Rax15 Version-

Netgear ≫ Rax20 Firmware Version < 1.0.4.100

Netgear ≫ Rax20 Version-

Netgear ≫ Rax200 Firmware Version < 1.0.5.132

Netgear ≫ Rax200 Version-

Netgear ≫ Rax35v2 Firmware Version < 1.0.4.100

Netgear ≫ Rax35v2 Version-

Netgear ≫ Rax38v2 Firmware Version < 1.0.4.100

Netgear ≫ Rax38v2 Version-

Netgear ≫ Rax40v2 Firmware Version < 1.0.4.100

Netgear ≫ Rax40v2 Version-

Netgear ≫ Rax42 Firmware Version < 1.0.4.100

Netgear ≫ Rax42 Version-

Netgear ≫ Rax43 Firmware Version < 1.0.4.100

Netgear ≫ Rax43 Version-

Netgear ≫ Rax45 Firmware Version < 1.0.4.100

Netgear ≫ Rax45 Version-

Netgear ≫ Rax48 Firmware Version < 1.0.4.100

Netgear ≫ Rax48 Version-

Netgear ≫ Rax50 Firmware Version < 1.0.4.100

Netgear ≫ Rax50 Version-

Netgear ≫ Rax50s Firmware Version < 1.0.4.100

Netgear ≫ Rax50s Version-

Netgear ≫ Rax75 Firmware Version < 1.0.5.132

Netgear ≫ Rax75 Version-

Netgear ≫ Rax80 Firmware Version < 1.0.5.132

Netgear ≫ Rax80 Version-

Netgear ≫ Raxe450 Firmware Version < 1.0.8.70

Netgear ≫ Raxe450 Version-

Netgear ≫ Raxe500 Firmware Version < 1.0.8.70

Netgear ≫ Raxe500 Version-

Netgear ≫ Rs400 Firmware Version < 1.5.1.80

Netgear ≫ Rs400 Version-

Netgear ≫ Wndr3400v3 Firmware Version < 1.0.1.42

Netgear ≫ Wndr3400v3 Version-

Netgear ≫ Wnr3500lv2 Firmware Version < 1.2.0.70

Netgear ≫ Wnr3500lv2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.405

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
zdi-disclosures@trendmicro.com	6.5	2.8	3.6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-1275/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34983

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34983

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34983

EUVD