QSearchQSearch

CVE-2021-39289

7.5 HIGH

Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.1...

Published: 2021-08-23 · Last updated: 2026-06-17

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-522

Affected products

VendorProduct
netmodulenetmodule_router_software

Description

Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-39291 Certain NetModule devices allow credentials via GET parameters to CLI-PHP (8.8 HIGH)
  • CVE-2021-39290 Certain NetModule devices allow Limited Session Fixation via PHPSESSID (9.8 CRITICAL)

Same CWE

  • CVE-2026-53840 OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configur... (7.1 HIGH)
  • CVE-2026-6517 Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in ... (6.3 MEDIUM)
  • CVE-2026-49949 CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive crede... (5.3 MEDIUM)
  • CVE-2024-45636 IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user (4.1 MEDIUM)
  • CVE-2026-41715 In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials (6.1 MEDIUM)