CVE-2021-44261

moderate-risk

Published 2022-03-17

A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.

Do I need to act?

1.6% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (5)

Wac104 Firmware

R7450 Firmware

R6900 Firmware

R7800 Firmware

R6220 Firmware

Affected Vendors

Netgear

References (4)

Exploit https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_W104_unauthori...

Vendor Advisory https://www.netgear.com/about/security/

Exploit https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_W104_unauthori...

Vendor Advisory https://www.netgear.com/about/security/

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 4/34 · Minimal

Exposure 12/34 · Low