VYPR
Unrated severity · NVD Advisory · Published Dec 9, 2021 · Updated Aug 4, 2024

CVE-2021-41449

Description

A path traversal attack in the web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102 allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, by sending a specially crafted HTTP packet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A path traversal vulnerability in Netgear RAX35, RAX38, and RAX40 routers allows remote unauthenticated attackers to access sensitive files.

Vulnerability

A path traversal vulnerability exists in the web interface of Netgear RAX35, RAX38, and RAX40 routers prior to firmware version 1.0.4.102 [2]. An unauthenticated remote attacker can exploit this by sending a specially crafted HTTP packet to traverse directory paths and access restricted files within the web application [2].

Exploitation

The attacker needs network access to the router's web interface, typically over the local network or potentially from the internet if the interface is exposed. No authentication is required. The attacker crafts an HTTP request with path traversal sequences (e.g., ../) to read files outside the web root [2].

Impact

Successful exploitation allows the attacker to read sensitive files stored on the router, such as configuration files, credentials, or other restricted data, leading to information disclosure [2]. The CVSS score is 6.9 (Medium), with high confidentiality impact [2].

Mitigation

Netgear has released firmware version 1.0.4.102 to fix this vulnerability [2]. Users should download and install the latest firmware from Netgear's support page [2]. No workarounds are provided; updating is the only mitigation.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 4

References: 4
