From the screenshot of this website, the following key information about the vulnerability can be obtained: CVE ID: CVE-2021-34870 CVSS Score: 6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) Affected Vendors: NETGEAR Affected Products: XR1000 Vulnerability Details: - The vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 routers. Authentication is not required to exploit this vulnerability. - The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Additional Details: NETGEAR has issued an update to correct this vulnerability. More details can be found at: https://kb.netgear.com/000063967/Security-Advisory-for-a-Security-Misconfiguration-Vulnerability-on-the-XR1000-PSV-2021-0101 Disclosure Timeline: - 2021-05-05 - Vulnerability reported to vendor - 2021-09-08 - Coordinated public release of advisory Credit: Anonymous