Login Sign Up

CVE-2021-39289

7.5 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability affects NetModule networking devices where passwords are stored insecurely using cleartext or reversible encryption. Attackers with access to device configuration files could extract credentials to gain unauthorized access. Affected models include NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800 with firmware before specified versions.

💻 Affected Systems

Products:
  • NB800
  • NB1600
  • NB1601
  • NB1800
  • NB1810
  • NB2700
  • NB2710
  • NB2800
  • NB2810
  • NB3700
  • NB3701
  • NB3710
  • NB3711
  • NB3720
  • NB3800
Versions: Firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105
Operating Systems: NetModule proprietary firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All affected models with vulnerable firmware versions are impacted by default.

📦 What is this software?

Netmodule Router Software by Netmodule

View all CVEs affecting Netmodule Router Software →

Netmodule Router Software by Netmodule

View all CVEs affecting Netmodule Router Software →

Netmodule Router Software by Netmodule

View all CVEs affecting Netmodule Router Software →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to network infiltration, credential theft, data exfiltration, and potential lateral movement to other systems.

🟠

Likely Case

Unauthorized administrative access to affected NetModule devices, allowing configuration changes, traffic interception, or device disruption.

🟢

If Mitigated

Limited impact if devices are isolated, have strong network controls, and attackers cannot access configuration files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to device configuration files, which may be obtained through other vulnerabilities or physical access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.0.113, 4.4.0.111, or 4.5.0.105 and later

Vendor Advisory: https://www.netmodule.com

Restart Required: Yes

Instructions:

1. Download latest firmware from NetModule support portal. 2. Backup current configuration. 3. Upload and install firmware update via web interface or CLI. 4. Reboot device. 5. Verify firmware version.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices to restricted network segments to limit attack surface.

Access Control Hardening

all

Implement strict firewall rules to limit administrative access to trusted IPs only.

🧯 If You Can't Patch

  • Change all passwords to complex, unique credentials and monitor for unauthorized access.
  • Disable remote management interfaces and require physical access for configuration changes.

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface (System > Status) or CLI command 'show version'.

Check Version:

show version

Verify Fix Applied:

Confirm firmware version is 4.3.0.113, 4.4.0.111, 4.5.0.105 or later.

📡 Detection & Monitoring

Log Indicators:

  • Failed login attempts from unexpected sources
  • Configuration file access/modification events
  • Unauthorized administrative sessions

Network Indicators:

  • Unexpected administrative connections to device management ports
  • Traffic patterns indicating configuration changes

SIEM Query:

source="netmodule_device" AND (event_type="config_access" OR event_type="failed_login")

📊 Metadata

CVE ID: CVE-2021-39289
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-522
Published: August 23, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-39289, you might also want to check these:

CVE-2024-51545 10.0

This CVE describes a username enumeration vulnerability in ABB industrial control system products th...

Same vulnerability type (CWE-522)
CVE-2021-30116 10.0

CVE-2021-30116 is an authentication bypass vulnerability in Kaseya VSA that allows unauthenticated a...

Same vulnerability type (CWE-522)
CVE-2025-0867 9.9

This vulnerability allows standard users to execute commands with administrative privileges through ...

Same vulnerability type (CWE-522)