CVE-2021-41449 Information

Description

A path traversal attack in web interfaces of Netgear RAX35 RAX38 and RAX40 routers before v1.0.4.102 allows a remote unauthenticated attacker to gain access to sensitive restricted information such as forbidden files of the web application via sending a specially crafted HTTP packet.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Reference

http://netgear.com https://kb.netgear.com/000064405/Security-Advisory-for-Path-Traversal-on-Some-Routers-PSV-2021-0268 https://www.netgear.com/about/security/ http://rax40.com

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.1