CVE-2021-45493
Description
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR RAX35, RAX38, and RAX40 routers before firmware 1.0.4.102 disclose administrative credentials to unauthenticated attackers.
Vulnerability
The vulnerability affects NETGEAR RAX35, RAX38, and RAX40 routers running firmware versions prior to 1.0.4.102. It allows disclosure of administrative credentials. The exact code path is not detailed in the advisory, but the CVSS vector indicates network-based exploitation with low complexity and no privileges required, though user interaction is required [1].
Exploitation
An unauthenticated attacker on the network can exploit this vulnerability by tricking a user into performing some action (user interaction required). The advisory does not provide specific steps, but the CVSS vector indicates that the attacker can obtain administrative credentials without authentication [1].
Impact
Successful exploitation leads to disclosure of administrative credentials, resulting in high confidentiality impact. The CVSS vector also rates integrity and availability impact as limited (I:L, A:L). With admin credentials, the attacker could potentially modify router settings or disrupt service [1].
Mitigation
NETGEAR has released firmware version 1.0.4.102 to fix this vulnerability. Users should update their devices to the latest firmware as soon as possible. No workarounds are mentioned. The advisory was published on 2021-12-20 [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/RAX35
Patches
No patches discovered yet.
References