CVE-2021-20168
Description
Netgear RAX43 firmware 1.0.3.96 lacks UART protections, allowing physical access to root via default admin:admin credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Netgear Nighthawk RAX43 firmware version 1.0.3.96 does not provide sufficient protection for the UART interface [1]. An attacker with physical access to the device can connect a serial cable to the UART port and, because the device has not disabled or password-protected the console, log in using the default credentials admin:admin. The affected firmware version is 1.0.3.96, and the issue appears to be a missing configuration hardening measure.
Exploitation
An attacker needs physical access to the device and a serial adapter (e.g., USB-to-UART). No network access or knowledge of non-default credentials is required. After connecting to the UART console, the attacker uses the default login credentials admin:admin to gain an interactive root shell [1]. No user interaction or race condition is needed.
Impact
Successful exploitation gives the attacker full root privileges on the router, allowing complete control over the device: reading or modifying all files, installing persistent malware, exfiltrating sensitive data (e.g., Wi-Fi passwords, VPN keys), and launching further network attacks from inside the home or small-office network [1]. Confidentiality, integrity, and availability of the device and data on the local network are compromised.
Mitigation
Netgear has not released a firmware update that addresses this UART exposure for the RAX43 as of the publication date [1]. No workarounds are provided. Physical hardening (controlling access to the device) is the only mitigation. The device is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Netgear/RAX43
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The UART interface lacks authentication hardening and uses hardcoded default credentials (admin:admin), allowing any physical attacker to obtain a root shell."
Attack vector
An attacker with physical access to the device connects to the UART port using a serial cable. The UART console is unprotected and accepts the hardcoded default credentials admin:admin, granting immediate root-level shell access [1]. No network access or authentication bypass is needed; physical proximity to the device is the sole precondition.
Affected code
The advisory does not specify a particular function or file path for the UART interface issue. The vulnerability is in the device's UART (serial) console implementation, which exposes a root shell with default credentials (admin:admin) [1].
What the fix does
The advisory recommends disabling the UART console for production runs, or enforcing the same password mechanisms used for other device functionality (such as the web UI) [1]. No patch is published in the bundle; the vendor's remediation guidance is to remove or restrict the UART debug interface.
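The "disable the UART console for production" guidance above can be checked mechanically on an extracted firmware image. The following is an added example, not code from the advisory or from Netgear: it assumes a BusyBox-style Linux firmware whose consoles are spawned from /etc/inittab (the page does not state what init system the RAX43 uses), flags every entry that hands a shell or login prompt to a serial port or the kernel console, and emits a hardened copy with those entries commented out. The sample inittab is constructed.

```python
import re

# Constructed sample BusyBox /etc/inittab (not from RAX43 firmware). Fields are
# <id>:<runlevels>:<action>:<process>; <id> is the tty without /dev/, empty = kernel console.
SAMPLE_INITTAB = """\
::sysinit:/etc/init.d/rcS
ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100
::respawn:/bin/sh
::askfirst:-/bin/sh
ttyAMA0::respawn:/bin/login
::ctrlaltdel:/sbin/reboot
"""

SERIAL_TTY = re.compile(r"\b(ttyS\d+|ttyAMA\d+|ttyUSB\d+|ttyMSM\d+)\b")
CONSOLE_PROGRAMS = {"sh", "ash", "bash", "getty", "login"}

def audit_inittab(text):
    """Return (line_no, entry, reason) for entries that expose a shell/login on a UART or the kernel console."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        parts = entry.split(":", 3)
        if len(parts) != 4:
            continue
        tty, _, action, process = parts
        tokens = process.lstrip("-").split()  # a leading '-' marks a login shell
        if not tokens:
            continue
        name = tokens[0].rsplit("/", 1)[-1]
        if name not in CONSOLE_PROGRAMS:
            continue
        kind = "login prompt" if name in ("getty", "login") else "shell"
        match = SERIAL_TTY.search(tty) or SERIAL_TTY.search(process)
        if match:
            findings.append((no, entry, f"{kind} on UART {match.group(1)}"))
        elif tty == "" and action in ("respawn", "askfirst"):
            findings.append((no, entry, f"{kind} on kernel console"))
    return findings

def harden_inittab(text):
    """Comment out every flagged entry; all other lines are kept unchanged."""
    flagged = {no for no, _, _ in audit_inittab(text)}
    lines = text.splitlines()
    for no in flagged:
        lines[no - 1] = "#DISABLED-UART " + lines[no - 1]
    return "\n".join(lines) + "\n"
```

Running audit_inittab over the hardened output should return an empty list; a non-empty result on a production image is the signal that the console exposure described in this CVE is still present.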
Preconditions
- network: Attacker must have physical access to the device to connect to the UART port
- config: UART console is enabled and uses default credentials admin:admin
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. www.tenable.com/security/research/tra-2021-55 (MITRE x_refsource_MISC)
News mentions
No linked articles in our index yet.