Vulnerability Details CVE-2021-41449
A path traversal vulnerability in the web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102 allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, by sending a specially crafted HTTP packet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.6%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 3.6
Products affected by CVE-2021-41449
- cpe:2.3:h:netgear:rax35:-
- cpe:2.3:h:netgear:rax38:-
- cpe:2.3:h:netgear:rax40:-
- cpe:2.3:o:netgear:rax35_firmware:-
- cpe:2.3:o:netgear:rax35_firmware:1.0.3.62
- cpe:2.3:o:netgear:rax35_firmware:1.0.3.80
- cpe:2.3:o:netgear:rax35_firmware:1.0.3.94
- cpe:2.3:o:netgear:rax38_firmware:-
- cpe:2.3:o:netgear:rax38_firmware:1.0.3.94
- cpe:2.3:o:netgear:rax40_firmware:-
- cpe:2.3:o:netgear:rax40_firmware:1.0.3.62
- cpe:2.3:o:netgear:rax40_firmware:1.0.3.64
- cpe:2.3:o:netgear:rax40_firmware:1.0.3.80
- cpe:2.3:o:netgear:rax40_firmware:1.0.3.94