CVE ID: CVE-2021-34977
CVSS Score: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Vendor: NETGEAR
Affected Product: R7000

Vulnerability Details:
- Allows network-adjacent attackers to bypass authentication on affected NETGEAR R7000 routers.
- The vulnerability exists within the processing of SOAP requests due to lack of proper authentication verification.
- Attackers can exploit this to reset the admin password.

Additional Details:
NETGEAR has released an update. More information can be found here.

Disclosure Timeline:
- 2021-06-02: Vulnerability reported to vendor
- 2021-10-28: Coordinated public release of advisory

Credit: Xinan Zhou (the University of California, Riverside and Fudan University)