CVE-2021-20169
Description
Netgear RAX43 firmware 1.0.3.96 transmits all web interface traffic over HTTP, exposing credentials and sensitive data in cleartext.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Netgear RAX43 firmware version 1.0.3.96 does not enforce HTTPS for its web management interface [1]. By default, all communication between the device and the browser is sent over unencrypted HTTP, meaning that any data transmitted—including login credentials, configuration details, and other sensitive information—is sent in cleartext. This affects the default configuration and does not require any special conditions to be reachable.
Exploitation
An attacker with network access (e.g., on the same LAN or able to intercept traffic between the user and the router) can passively capture HTTP traffic. No authentication or user interaction is required beyond the victim accessing the web interface. The attacker can use packet sniffing tools to read the plaintext HTTP requests and responses, extracting usernames, passwords, and other sensitive data.
Impact
Successful exploitation leads to disclosure of sensitive information, including administrator credentials and device configuration. This can allow the attacker to gain unauthorized access to the router's web interface, potentially leading to full compromise of the device and the network it manages.
Mitigation
As of the publication date (2021-12-30), no firmware update has been released to address this issue [1]. Users are advised to avoid accessing the web interface over untrusted networks and to consider using VPN or other encrypted tunnels when managing the device. If remote management is enabled, it should be disabled unless absolutely necessary. The vendor has not yet provided a fix; users should monitor Netgear's support page for future firmware updates.
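Two checks an administrator can run against their own router to confirm the condition described above (the web interface answering on plain HTTP rather than pushing clients to HTTPS) and to spot management credentials crossing the network in cleartext. This is an added example, not code from the advisory, from Tenable or from Netgear; the management address 192.0.2.1, the request captures and the login path names are constructed placeholders, and the script reports only the kind of leak, never the credential itself.

```python
"""Audit helpers for a plain-HTTP management interface (example code).

1. enforces_https(): given the response the router's HTTP port returns,
   decide whether it redirects the browser to HTTPS on the same host.
2. find_cleartext_credentials(): scan raw HTTP requests captured on your
   own network (mirror port, proxy log) for credentials sent to a
   management host over plain HTTP. Credential values are never decoded.
"""
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit


@dataclass
class HttpResponse:
    """Minimal view of a response from the plain-HTTP port (header names lowercased)."""
    status: int
    headers: dict = field(default_factory=dict)


def enforces_https(resp: HttpResponse, host: str) -> bool:
    """True only if the HTTP port redirects to an https:// URL on the same host.

    A 200 that serves the login page over HTTP, or a redirect to some other
    host, is treated as not enforcing HTTPS.
    """
    location = resp.headers.get("location", "")
    if resp.status in (301, 302, 303, 307, 308) and location.lower().startswith("https://"):
        return urlsplit(location).hostname == host
    return False


def parse_request(raw: str):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


# Form field names commonly used for passwords (assumption, not from the advisory).
PASSWORD_FIELDS = {"password", "passwd", "pwd", "pass"}


def find_cleartext_credentials(raw_requests, management_hosts):
    """Return (host, path, reason) for each plain-HTTP request that carries
    credentials to one of management_hosts. Values are not inspected."""
    findings = []
    for raw in raw_requests:
        method, path, headers, body = parse_request(raw)
        host = headers.get("host", "").split(":")[0]
        if host not in management_hosts:
            continue
        if headers.get("authorization", "").lower().startswith("basic "):
            findings.append((host, path, "basic-auth header"))
        if headers.get("cookie"):
            findings.append((host, path, "session cookie"))
        if method == "POST" and "application/x-www-form-urlencoded" in headers.get("content-type", ""):
            if set(parse_qs(body, keep_blank_values=True)) & PASSWORD_FIELDS:
                findings.append((host, path, "password form field"))
    return findings


# Constructed sample captures; 192.0.2.1 is the management host under audit.
SAMPLE_REQUESTS = [
    "POST /login.cgi HTTP/1.1\r\nHost: 192.0.2.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "username=admin&password=EXAMPLE",
    "GET /status.htm HTTP/1.1\r\nHost: 192.0.2.1\r\n"
    "Authorization: Basic QUJDOmV4YW1wbGU=\r\n\r\n",  # constructed, not a real credential
    "GET /index.html HTTP/1.1\r\nHost: 198.51.100.7\r\nCookie: sid=abc\r\n\r\n",  # not a management host
]


def audit():
    """Run both checks on the constructed data and return the findings."""
    http_port_reply = HttpResponse(200, {"content-type": "text/html"})  # UI served over HTTP
    https_enforced = enforces_https(http_port_reply, "192.0.2.1")
    leaks = find_cleartext_credentials(SAMPLE_REQUESTS, {"192.0.2.1"})
    return https_enforced, leaks


if __name__ == "__main__":
    enforced, leaks = audit()
    print("HTTPS enforced on management port:", enforced)
    for host, path, reason in leaks:
        print(f"cleartext credential to {host}{path}: {reason}")
```

In practice `enforces_https` is fed the status and headers of a real response to `http://<router>/`, and `find_cleartext_credentials` is fed requests exported from a capture; a non-empty result on the management VLAN is the signal to move administration behind a VPN or an encrypted tunnel as the mitigation above suggests.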
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Netgear/RAX43
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The UART serial console is left enabled with hardcoded default credentials (admin:admin), allowing physical attackers to gain root shell access."
Attack vector
An attacker with physical access to the device connects to the UART port using a serial connection. The UART console is configured with default credentials (admin:admin), allowing the attacker to log in and execute commands as the root user [1]. No authentication or prior access to the web interface is required.
Affected code
The advisory does not specify a particular function or file path for this vulnerability. The issue concerns the UART (Universal Asynchronous Receiver-Transmitter) serial console port on the Netgear RAX43 device [1].
What the fix does
The advisory recommends disabling the UART console for production runs, or at least enforcing the same password mechanisms used for other device functionality (such as the web UI) [1]. No patch is provided in the advisory.
Preconditions
- network: Attacker must have physical access to the device to connect to the UART port.
- config: The UART console must be accessible (default configuration).
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
[1] www.tenable.com/security/research/tra-2021-55
News mentions
No linked articles in our index yet.