GCVE - cpe:2.3:a:n/a:netgear_rax43:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:netgear_rax43:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Netgear Rax43 (`ea7552d6-9502-5d0d-aadc-637ce3fea19d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-20171`	vulnerable	2026-06-08 05:29:08.628884	Details available Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device. Published: 2021-12-30T21:31:15.000Z Updated: 2024-08-03T17:30:07.477Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2021-55	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20170`	vulnerable	2026-06-08 05:29:08.628591	Details available Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed. Published: 2021-12-30T21:31:15.000Z Updated: 2024-08-03T17:30:07.477Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2021-55	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20169`	vulnerable	2026-06-08 05:29:08.628290	Details available Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext. Published: 2021-12-30T21:31:18.000Z Updated: 2024-08-03T17:30:07.449Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2021-55	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20168`	vulnerable	2026-06-08 05:29:08.627982	Details available Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin. Published: 2021-12-30T21:31:17.000Z Updated: 2024-08-03T17:30:07.570Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2021-55	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20167`	vulnerable	2026-06-08 05:29:08.627646	Details available Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. Published: 2021-12-30T21:31:17.000Z Updated: 2024-08-03T17:30:07.925Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2021-55	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20166`	vulnerable	2026-06-08 05:29:08.625504	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.