Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transport security by default, this renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN, or a LAN, should the adversary be able to perform a man-in-the-middle attack.

Published

2025-02-18T18:15:13.450

Last Modified

2025-06-06T18:01:39.573

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-319

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	c7800_firmware	6.01.07	Yes
Hardware	netgear	c7800	-	No

References

https://seclists.org/fulldisclosure/2025/Feb/12 Mailing List, Third Party Advisory ([email protected])
https://www.netgear.com/about/security/ Vendor Advisory ([email protected])
https://www.netgear.com/images/datasheet/networking/cablemodems/C7800.pdf Product ([email protected])
http://seclists.org/fulldisclosure/2025/Feb/12 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)