I say that because Netgear hasn’t addressed any of this since they were contacted on September 30th of last year. Or you can just pull the router from service and use something else from another vendor. If you have v3 of this router, you are advised to change the default credentials to something unique and strong. If you have the v1 or v2 versions of this router, you should pull them from service immediately and replace them with something else from another vendor.
These flaws could allow an attacker on the network to take complete control of the device. CVE-2021-45077: All usernames and passwords for the device’s services are stored in plaintext form in the configuration file.CVE-2021-45732: Configuration manipulation via hardcoded encryption routines, allowing the changing of settings that are locked for reasons of security.Exploiting this flaw requires physical access to the device. CVE-2021-23147: Command execution as root without authentication via a UART port connection.
#Latest version of netgear genie password
CVE-2021-20174: HTTP is used by default on all communications of the device’s web interface, risking username and password interception in cleartext form.
#Latest version of netgear genie update
CVE-2021-20173: A post-authentication command injection flaw in the update functionality of the device, making it susceptible to command injection.On top of that, here’s a list of issues with this router: On top of that, the device uses a MiniDLNA is server version which is known to contain lots of vulnerabilities. Cybersecurity company Tenable found several instances of jQuery libraries relying on version 1.4.2, which is known to contain lots of vulnerabilities. It’s only the first day of the new year and already I am reporting on a serious set of vulnerabilities with the Netgear Nighthawk R6700 router which is a very popular choice home users who want a bit more power behind their WiFi.
0 kommentar(er)
