Lucene search
K

147 matches found

Prion
Prion
added 2021/12/30 10:15 p.m.18 views

Default credentials

Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device...

5CVSS7.5AI score0.00589EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/30 10:15 p.m.24 views

Default configuration

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface port 5000 is sent via HTTP, which causes potentially sensitive information such as usernames and passwords to be...

5CVSS7.4AI score0.00589EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/30 10:15 p.m.17 views

Default configuration

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which causes potentially sensitive information such as usernames and passwords to be transmitted in...

5CVSS7.4AI score0.00589EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/30 10:15 p.m.23 views

Hardcoded credentials

Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools,...

6.5CVSS8.5AI score0.00779EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/30 9:31 p.m.15 views

CVE-2021-20175

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface port 5000 is sent via HTTP, which causes potentially sensitive information such as usernames and passwords to be...

7.6AI score0.00589EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/12/30 9:31 p.m.28 views

CVE-2021-20173

Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values...

9.1AI score0.03199EPSS
Exploits1References1
CVE
CVE
added 2021/12/30 9:31 p.m.55 views

CVE-2021-45077

CVE-2021-45077 affects Netgear Nighthawk R6700 (firmware 1.0.4.120). The device stores usernames and passwords for its services in plaintext in the primary configuration file; CNVD-2022-02652 notes an encryption vulnerability due to failure to encrypt account information, with plaintext credentia...

7.5CVSS7.5AI score0.00589EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/30 9:31 p.m.20 views

CVE-2021-45077

Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device...

7.7AI score0.00589EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/12/30 9:31 p.m.27 views

CVE-2021-45732

Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools,...

8.8AI score0.00779EPSS
Exploits0References1
CVE
CVE
added 2021/12/30 9:31 p.m.57 views

CVE-2021-23147

The CVE concerns Netgear Nighthawk R6700 router (v1.0.4.120). The root cause is insufficient protections for the UART console, enabling a physically proximate attacker with serial access to execute commands as root without authentication. Implications include full device compromise and potential ...

7.2CVSS6.6AI score0.00364EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/12/30 12:0 a.m.3 views

Netgear Nighthawk R6700 加密问题漏洞

The Netgear Nighthawk R6700 is a wireless router from Netgear, Inc. An encryption vulnerability exists in the Netgear Nighthawk R6700, which stems from the product's failure to encrypt account information. An attacker could obtain plaintext account information in the Zhu configuration file throug...

7.5CVSS5.6AI score0.00589EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/30 12:0 a.m.4 views

Netgear Nighthawk R6700 信任管理问题漏洞

The Netgear Nighthawk R6700 is a wireless router from Netgear, Inc. An encryption vulnerability exists in the Netgear Nighthawk R6700, which stems from the fact that the product does not effectively encrypt configuration files. An attacker could modify the backup configuration by extracting the...

8.8CVSS5.6AI score0.00779EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/30 12:0 a.m.4 views

Netgear Nighthawk R6700 信息泄露漏洞

An information disclosure vulnerability exists in the Netgear Nighthawk R6700, a wireless router from Netgear, which stems from the product's failure to encrypt HTTP requests. An attacker could gain access to sensitive information through this vulnerability...

7.5CVSS5.5AI score0.00589EPSS
Exploits0References3
NVD
NVD
added 2021/04/14 4:15 p.m.29 views

CVE-2021-27253

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

8.8CVSS0.01127EPSS
Exploits0References2
Prion
Prion
added 2021/04/14 4:15 p.m.19 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

8.3CVSS8.8AI score0.01127EPSS
Exploits0References2Affected Software43
Cvelist
Cvelist
added 2021/04/14 3:45 p.m.35 views

CVE-2021-27253

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

8.8CVSS9AI score0.01127EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2021/02/24 12:0 a.m.41 views

(Pwn2Own) NETGEAR Nighthawk R7800 ready-genie-cloud Insecure Download of Critical Component Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a...

8.8CVSS1.4AI score0.00731EPSS
Exploits0References1
OSV
OSV
added 2020/11/02 9:15 p.m.2 views

CVE-2020-28041

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.6410.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs...

6.5CVSS5.7AI score0.01975EPSS
Exploits1References5
NVD
NVD
added 2020/11/02 9:15 p.m.15 views

CVE-2020-28041

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.6410.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs...

6.5CVSS6.6AI score0.01975EPSS
Exploits1References5
Prion
Prion
added 2020/11/02 9:15 p.m.18 views

Design/Logic Flaw

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.6410.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs...

4.3CVSS6.5AI score0.01975EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder