CVE-2021-20168

Summary

Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin.

Affected Software

VendorProductVersion RangeStatus
n/aNetgear RAX431.0.3.96affected

Weaknesses

  • Improper Access Controls

ADP Enrichment

CVE Program Container

Additional References

References