cvedb.io
CVE-2021-41449
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2021-12-09T14:15:12.563 · Last modified 2026-06-17T04:08:31.620

Summary

A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.

Affected products

netgear — rax35_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when netgear ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.