CVE-2021-45732 - OpenCVE

Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netgear	R6700 R6700 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:netgear:r6700_firmware:1.0.4.120:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.tenable.com/security/research/tra-2021-57

History

No history.

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2021-12-30T21:31:20

Updated: 2024-08-04T04:47:02.172Z

Reserved: 2021-12-30T00:00:00

Link: CVE-2021-45732

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-30T22:15:10.063

Modified: 2022-01-11T17:20:31.657

Link: CVE-2021-45732

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Netgear Nighthawk R6700", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.0.4.120"}]}], "descriptions": [{"lang": "en", "value": "Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed."}], "problemTypes": [{"descriptions": [{"description": "Hardcoded Credentials", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-30T21:31:20", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2021-57"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-45732", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Netgear Nighthawk R6700", "version": {"version_data": [{"version_value": "1.0.4.120"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Hardcoded Credentials"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2021-57", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-57"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:47:02.172Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2021-57"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-45732", "datePublished": "2021-12-30T21:31:20", "dateReserved": "2021-12-30T00:00:00", "dateUpdated": "2024-08-04T04:47:02.172Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6700_firmware:1.0.4.120:*:*:*:*:*:*:*", "matchCriteriaId": "AA1C8A12-2DF8-4414-ACAF-9AC869331CE9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6700:-:*:*:*:*:*:*:*", "matchCriteriaId": "21B27F11-4262-4CE1-8107-B365A7C152F2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed."}, {"lang": "es", "value": "Netgear Nighthawk R6700 versi\u00f3n 1.0.4.120, usa una credencial embebida. No parece que usuarios normales puedan manipular las copias de seguridad de la configuraci\u00f3n debido a que est\u00e1n cifradas/ofuscadas. Al extraer la configuraci\u00f3n usando herramientas p\u00fablicas f\u00e1cilmente disponibles, un usuario puede reconfigurar los ajustes que no est\u00e1n destinados a ser manipulados, volver a empaquetar la configuraci\u00f3n y restaurar una copia de seguridad causando que estos ajustes sean cambiados.\n"}], "id": "CVE-2021-45732", "lastModified": "2022-01-11T17:20:31.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-30T22:15:10.063", "references": [{"source": "vulnreport@tenable.com", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2021-57"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}