CVE-2021-45668 - OpenCVE

Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Netgear	Ex3800 Eax20 Firmware Ex3700 Firmware Rax50 Firmware Eax80 Firmware Ex6120 Firmware Ex6130 Rax75 Firmware R8000p Rax80 Firmware Rax20 Rax45 Ex6130 Firmware R8000p Firmware Eax80 Rax75 Ex6120 Rax15 R7960p Firmware Ex7500 Rax20 Firmware Rax45 Firmware R7960p Rax80 R7900p Ex3800 Firmware Rax15 Firmware Eax20 Rax200 Firmware R7900p Firmware Rax50 Rax200 Ex3700 Ex7500 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:eax20:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*

References

Link	Resource
https://kb.netgear.com/000064122/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2020-0257	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-26T00:25:40

Updated: 2021-12-26T00:25:40

Reserved: 2021-12-25T00:00:00

Link: CVE-2021-45668

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-12-26T01:15:20.917

Modified: 2022-01-06T14:50:31.230

Link: CVE-2021-45668

JSON object: View

Redhat Information

No data.

CWE

CWE-79