cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-20169,https://securityvulnerability.io/vulnerability/CVE-2021-20169,Insecure Communications in Netgear RAX43 Web Interface,"The Netgear RAX43, specifically version 1.0.3.96, suffers from a vulnerability where the web interface does not employ secure communication protocols. Instead, all data exchanged with the device occurs over HTTP, which can expose sensitive information such as usernames and passwords in cleartext. This flaw raises significant security concerns, as attackers could intercept unencrypted traffic and gain unauthorized access to critical data.",Netgear,Netgear Rax43,6.8,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2021-12-30T21:31:18.000Z,0
CVE-2021-20168,https://securityvulnerability.io/vulnerability/CVE-2021-20168,Unauthorized Access Vulnerability in Netgear RAX43,"The Netgear RAX43 version 1.0.3.96 features an inadequate security measure for its UART interface. This weakness allows an attacker with physical access to the device to connect through the UART port using a serial connection. Once connected, the attacker can log in using default credentials (admin:admin) and gain root access, enabling them to execute arbitrary commands, which poses significant security risks to the device and its network.",Netgear,Netgear Rax43,6.8,MEDIUM,0.0012199999764561653,false,,false,false,false,,,false,false,,2021-12-30T21:31:17.000Z,0
CVE-2021-20167,https://securityvulnerability.io/vulnerability/CVE-2021-20167,Command Injection Vulnerability in Netgear RAX43 Router,"The Netgear RAX43 router version 1.0.3.96 is susceptible to a command injection vulnerability in the readycloud cgi application, specifically in the name parameter. This flaw allows attackers to execute arbitrary commands on the device, potentially compromising the security and integrity of the router. Users are advised to update to the latest version to mitigate risks associated with this vulnerability.",Netgear,Netgear Rax43,8,HIGH,0.9380499720573425,false,,false,false,false,,,false,false,,2021-12-30T21:31:17.000Z,0
CVE-2021-20166,https://securityvulnerability.io/vulnerability/CVE-2021-20166,Buffer Overrun Vulnerability in Netgear RAX43 Router,"The Netgear RAX43 router version 1.0.3.96 is susceptible to a buffer overrun vulnerability found in its cgi-bin URL parsing functionality. This flaw could potentially allow an attacker to manipulate the application's control flow by exploiting the improper handling of input data, leading to unauthorized actions or disclosure of sensitive information. It is crucial for users to ensure their devices are updated to mitigate risks associated with this vulnerability.",Netgear,Netgear Rax43,8.8,HIGH,0.0040699997916817665,false,,false,false,false,,,false,false,,2021-12-30T21:31:16.000Z,0
CVE-2021-20170,https://securityvulnerability.io/vulnerability/CVE-2021-20170,Hardcoded Credentials Vulnerability in Netgear RAX43 Routers,"The Netgear RAX43 router models, specifically version 1.0.3.96, suffer from a vulnerability due to the use of hardcoded credentials. This issue allows unauthorized users to manipulate configuration backups through a password-protected zip file that contains a hardcoded password (RAX50w!a4udk). Although the settings are encrypted, users can extract, alter, and re-zip the configuration, enabling them to change critical router settings not meant for user manipulation. This flaw underscores the importance of robust security practices in router firmware to prevent unauthorized access and protect network integrity.",Netgear,Netgear Rax43,8.8,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2021-12-30T21:31:15.000Z,0
CVE-2021-20171,https://securityvulnerability.io/vulnerability/CVE-2021-20171,Plaintext Storage Vulnerability in Netgear RAX43 Router,"The Netgear RAX43 router version 1.0.3.96 has a vulnerability that allows sensitive information to be stored in plaintext. This includes critical data such as usernames and passwords for associated services, which are saved unencrypted in the device's primary configuration file. This flaw poses a significant risk to the security and privacy of users, as it could be exploited to gain unauthorized access to device settings and services.",Netgear,Netgear Rax43,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-12-30T21:31:15.000Z,0