2 matches found
CVE-2021-35973
NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/minihttpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows th...
CVE-2021-35973
The CVE-2021-35973 entry describes an authentication bypass in NETGEAR WAC104 devices (pre-1.0.4.15) via the mini_httpd component. Exploitation allows unauthenticated attackers to invoke actions by injecting the substring currentsetting.htm into HTTP queries, enabling password changes for the web...