CVE-2021-34870

Description

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13325.

Risk Information

Base Score

6.5

MODERATE

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

0.292

Associated Vulnerability

Vulnerability	OS Platform
Missing Authentication for Critical Function Vulnerability (CVE-2021-34870)	NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234