Login Sign Up

CVE-2021-20174

7.5 HIGH

📋 TL;DR

This vulnerability exposes Netgear Nighthawk R6700 router credentials to interception by using unencrypted HTTP instead of HTTPS for web interface communication. Attackers on the same network can capture login credentials and other sensitive data transmitted to the router's admin interface. All users with the affected router model and firmware version are vulnerable.

💻 Affected Systems

Products:
  • Netgear Nighthawk R6700
Versions: 1.0.4.120
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects web interface communication; other services may use different protocols.

📦 What is this software?

R6700 Firmware by Netgear

View all CVEs affecting R6700 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers capture admin credentials, gain full router control, redirect traffic to malicious sites, install persistent malware, and compromise all connected devices.

🟠

Likely Case

Local network attackers capture admin credentials and reconfigure router settings, potentially enabling further attacks on connected devices.

🟢

If Mitigated

With HTTPS enabled or network segmentation, attackers cannot intercept credentials, limiting exposure to other vulnerabilities.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to intercept HTTP traffic; tools like Wireshark or ettercap can capture credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.4.122 or later

Vendor Advisory: https://kb.netgear.com/000063978/Security-Advisory-for-Cleartext-Transmission-of-Sensitive-Information-on-Some-Routers-PSV-2021-0010

Restart Required: Yes

Instructions:

1. Log into router admin interface via current IP. 2. Navigate to Advanced > Administration > Router Update. 3. Check for updates and install latest firmware. 4. Reboot router after update completes.

🔧 Temporary Workarounds

Enable HTTPS manually

all

Force HTTPS usage for admin interface if supported by firmware

Manual configuration via router web interface under Advanced > Administration > Remote Management

Network segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

  • Disable remote management and only access router from wired connection
  • Change admin password regularly and monitor for unauthorized configuration changes

🔍 How to Verify

Check if Vulnerable:

Check if accessing router web interface uses HTTP instead of HTTPS by examining URL in browser

Check Version:

Check router web interface under Advanced > Administration > Router Status

Verify Fix Applied:

Confirm firmware version is 1.0.4.122 or later and HTTPS is enforced for admin access

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts
  • Unexpected configuration changes
  • Admin login from unusual IP addresses

Network Indicators:

  • HTTP traffic to router admin interface containing credentials
  • ARP spoofing or MITM activity on local network

SIEM Query:

source="router_logs" AND (event="admin_login" OR event="config_change")

📊 Metadata

CVE ID: CVE-2021-20174
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-319
Published: December 30, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-20174, you might also want to check these:

CVE-2023-33730 9.8

CVE-2023-33730 is a critical privilege escalation vulnerability in Microworld Technologies eScan Man...

Same vulnerability type (CWE-319)
CVE-2022-21829 9.8

This vulnerability in Concrete CMS allows authenticated high-privilege users to download zip files o...

Same vulnerability type (CWE-319)
CVE-2020-5426 9.8

CVE-2020-5426 allows attackers to intercept UAA client tokens transmitted in plaintext over non-TLS ...

Same vulnerability type (CWE-319)