从这个网站的截图中可以获取以下关于漏洞的关键信息: CVE ID: CVE-2021-34870 CVSS Score: 6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) Affected Vendors: NETGEAR Affected Products: XR1000 Vulnerability Details: - The vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 routers. Authentication is not required to exploit this vulnerability. - The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Additional Details: NETGEAR has issued an update to correct this vulnerability. More details can be found at: https://kb.netgear.com/000063967/Security-Advisory-for-a-Security-Misconfiguration-Vulnerability-on-the-XR1000-PSV-2021-0101 Disclosure Timeline: - 2021-05-05 - Vulnerability reported to vendor - 2021-09-08 - Coordinated public release of advisory Credit: Anonymous