U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:netgear:rax43_firmware:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 7 matching records.
Displaying matches 1 through 7.
Vuln ID Summary CVSS Severity

Netgear RAX43 version stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.

Published: December 30, 2021; 5:15:09 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW

Netgear RAX43 version makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed.

Published: December 30, 2021; 5:15:09 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM

Netgear RAX43 version does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext.

Published: December 30, 2021; 5:15:09 PM -0500
V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH

Netgear RAX43 version does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin.

Published: December 30, 2021; 5:15:09 PM -0500
V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH

Netgear RAX43 version contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.

Published: December 30, 2021; 5:15:09 PM -0500
V3.1: 8.0 HIGH
V2.0: 7.7 HIGH

Netgear RAX43 version contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton.

Published: December 30, 2021; 5:15:09 PM -0500
V3.1: 8.8 HIGH
V2.0: 5.8 MEDIUM

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.

Published: November 15, 2021; 11:15:09 AM -0500
V3.1: 8.8 HIGH
V2.0: 8.3 HIGH