SB2022010311 - Multiple vulnerabilities in Netgear RAX43




Published: January 3, 2022

Security Bulletin ID: SB2022010311
Severity: Medium
Patch available: NO
Number of vulnerabilities: 6
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 33%, Low: 67%

Description

This security bulletin contains information about 6 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2021-20166)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the URL parsing functionality in the cgi-bin endpoint. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Cleartext transmission of sensitive information (CVE-ID: CVE-2021-20168)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information within the UART interface. A remote attacker can gain access to sensitive data.


3) Protection Mechanism Failure (CVE-ID: CVE-2021-20169)

The vulnerability allows a local attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures within the UART port. An attacker with physical access can bypass implemented security restrictions and elevate privileges on the system.


4) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2021-20170)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected product uses a hard-coded cryptographic key. A remote authenticated attacker on the local network can reconfigure settings not intended to be manipulated and restore a backup, causing these settings to be changed.


5) Cleartext storage of sensitive information (CVE-ID: CVE-2021-20171)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to the storage of sensitive information in plain-text. A local attacker can retrieve sensitive information stored in cleartext.


6) Command Injection (CVE-ID: CVE-2021-20167)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation in the readycloud_control.cgi binary. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.