How severe is CVE-2021-29080?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2021-29080?

This is classified as CWE-640, which is a common weakness in software security.

CVE-2021-29080 - HIGH Severity | CVSS 8.1

Vulnerability Description

Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, R7000 before 1.0.11.116, R6900P before 1.3.2.126, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and R7000P before 1.3.2.126.

Related Vulnerabilities

CVE-2014-6412

HIGH

CVSS:8.1(High)

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

CWE-6402014

CVE-2017-0921

HIGH

CVSS:8.1(High)

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account tak...

CWE-6402017

CVE-2017-8613

HIGH

CVSS:8.1(High)

Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Az...

CWE-6402017

CVE-2018-1000812

HIGH

CVSS:8.1(High)

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45...

CWE-6402018

CVE-2018-12579

HIGH

CVSS:8.1(High)

An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1....

CWE-6402018

CVE-2019-12943

HIGH

CVSS:8.1(High)

TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names.

CWE-6402019