CVE-2021-20170
📋 TL;DR
CVE-2021-20170 is a hardcoded credential vulnerability in Netgear RAX43 routers that allows attackers to decrypt configuration backups using the password 'RAX50w!a4udk', modify restricted settings, and restore malicious configurations. This affects Netgear RAX43 router users running vulnerable firmware versions. Attackers with access to configuration backups can bypass intended security controls.
💻 Affected Systems
- Netgear RAX43
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete router compromise allowing attackers to change DNS settings, redirect traffic, disable security features, or gain persistent access to the network.
Likely Case
Unauthorized configuration changes leading to network disruption, credential theft, or installation of malicious firmware.
If Mitigated
Limited impact if configuration backups are properly secured and not accessible to unauthorized users.
🎯 Exploit Status
Exploitation requires access to configuration backup files and knowledge of the hardcoded password. The vulnerability is well-documented in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Netgear support for latest firmware
Vendor Advisory: https://kb.netgear.com/000064437/Security-Advisory-for-Hardcoded-Credential-on-RAX43-PSV-2021-0010
Restart Required: Yes
Instructions:
1. Log into the router admin interface.
2. Navigate to Advanced > Administration > Firmware Update.
3. Check for updates.
4. Download and install the latest firmware.
5. Reboot the router after the update completes.
🔧 Temporary Workarounds
- Disable configuration backup feature: prevent creation of configuration backups that could be exploited
- Secure configuration backups: store configuration backups in encrypted locations with restricted access
🧯 If You Can't Patch
- Restrict access to router administration interface to trusted users only
- Monitor for unauthorized configuration changes and backup file access
🔍 How to Verify
Check if Vulnerable:
Check router firmware version in admin interface. If version is 1.0.3.96, the device is vulnerable.
Check Version:
Log into router web interface and check firmware version under Advanced > Administration > Firmware Update
Verify Fix Applied:
Verify firmware version has been updated to a version later than 1.0.3.96 and test that configuration backups cannot be decrypted with the hardcoded password.
📡 Detection & Monitoring
Log Indicators:
- Multiple configuration restore attempts
- Unexpected firmware version changes
- Unauthorized admin login attempts
Network Indicators:
- Unusual DNS server changes
- Unexpected network configuration modifications
SIEM Query:
source="router_logs" AND (event="configuration_restore" OR event="firmware_update")
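As an added illustration of the log indicators above (example code, not part of the original advisory), the following Python checks flag bursts of configuration restore events from one source and firmware version changes in constructed sample log lines; the "TIMESTAMP EVENT key=value" log format is an assumption made for the example, not Netgear's actual log format.

```python
# Added example (not from the advisory): detection logic for the log indicators,
# run over constructed sample lines in an assumed (not real Netgear) log format.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, not captured from a real device.
SAMPLE_LOGS = """\
2024-05-01T10:00:01 admin_login user=admin src=192.168.1.10 result=success
2024-05-01T10:00:05 configuration_restore src=192.168.1.10 result=success
2024-05-01T10:00:40 configuration_restore src=192.168.1.10 result=success
2024-05-01T10:01:10 configuration_restore src=192.168.1.10 result=failure
2024-05-01T10:02:00 firmware_update old=1.0.3.96 new=1.0.3.96
2024-05-01T11:30:00 firmware_update old=1.0.3.96 new=1.0.4.120
""".splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<event>\S+)\s*(?P<rest>.*)$")

def parse_line(line):
    """Parse one 'TIMESTAMP EVENT key=value ...' line into a dict, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
    return {"ts": datetime.fromisoformat(m["ts"]), "event": m["event"], **fields}

def find_restore_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Map source -> count for sources with >= threshold restores inside `window`."""
    by_src = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        if rec["event"] == "configuration_restore":
            by_src[rec.get("src", "?")].append(rec["ts"])
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        for i in range(len(times)):
            j = i  # advance j while still inside the window that starts at times[i]
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= threshold:
                flagged[src] = j - i
                break
    return flagged

def find_version_changes(lines):
    """Return (old, new) pairs for firmware_update events that changed the version."""
    return [(r.get("old"), r.get("new")) for r in filter(None, map(parse_line, lines))
            if r["event"] == "firmware_update" and r.get("old") != r.get("new")]
```

Feed real router logs through `parse_line` only after adapting `LINE_RE` to the device's actual format; the thresholds are starting points to tune against normal administrative activity.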