CVE-2021-20171
Description
Netgear RAX43 firmware 1.0.3.96 stores admin passwords and other credentials in plaintext in configuration files, enabling local attackers to read sensitive data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Netgear RAX43 firmware 1.0.3.96 stores admin passwords and other credentials in plaintext in configuration files, enabling local attackers to read sensitive data.
Vulnerability
CVE-2021-20171 affects Netgear RAX43 devices running firmware version 1.0.3.96. The router stores all usernames and passwords for associated services in plaintext. The admin password is stored in plaintext in the primary configuration file on the device [1].
Exploitation
An attacker with physical access or local network access to the device can read the configuration files (e.g., via a web interface or file retrieval) to obtain stored credentials. No authentication is required to read the files if access to the filesystem is possible [1].
Impact
Successful exploitation allows an attacker to obtain the device's admin password and other service credentials in plaintext. This can lead to full administrative control of the router and potentially compromise any services relying on those credentials [1].
Mitigation
Netgear has not released a firmware update to address this issue as of the publication date of the advisory (December 2021) [1]. Users should consider isolating the device from untrusted networks and monitoring for any official patch.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Netgear/RAX43description
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The device stores all usernames and passwords for associated services in plaintext in the primary configuration file, with no encryption at rest."
Attack vector
An attacker with local access to the device (e.g., via physical access or by exploiting another remote vulnerability to gain a shell) can read the primary configuration file and extract all stored credentials in plaintext [ref_id=1]. No authentication or special privileges are required beyond the ability to read the file. The CVSS vector (AV:L/AC:L/PR:N/UI:N) confirms the attack requires local access but no privileges or user interaction [ref_id=1].
Affected code
The advisory states that "all usernames and passwords for the device's associated services are stored in plaintext on the device" and specifically notes that "the admin password is stored in plaintext in the primary configuration file on the device" [ref_id=1]. No specific file path or function name is provided beyond the reference to the primary configuration file.
What the fix does
The advisory does not include a patch or remediation guidance specific to this issue [ref_id=1]. No fix has been published in the provided bundle. To close the vulnerability, the device firmware should be updated to encrypt all stored credentials at rest, using a strong, device-specific key rather than a hardcoded or reversible mechanism.
Preconditions
- networkAttacker must have local access to the device (e.g., physical access or a shell obtained via another vulnerability)
- authNo authentication required to read the configuration file once local access is achieved
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- www.tenable.com/security/research/tra-2021-55mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.