CVE-2021-38537

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*

History

19 Aug 2021, 16:11

Type Values Removed Values Added
CPE cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 4.8
References (MISC) https://kb.netgear.com/000063775/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0245 - (MISC) https://kb.netgear.com/000063775/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0245 - Vendor Advisory

11 Aug 2021, 00:17

Type Values Removed Values Added
New CVE

Information

Published : 2021-08-11 00:17

Updated : 2023-12-10 13:55


NVD link : CVE-2021-38537

Mitre link : CVE-2021-38537

CVE.ORG link : CVE-2021-38537


JSON object : View

Products Affected

netgear

  • d6200
  • ac2400
  • r6700_firmware
  • r6850_firmware
  • rax40_firmware
  • r6850
  • r6020_firmware
  • ac2100
  • r6080_firmware
  • r7450_firmware
  • r7450
  • rax40
  • ac2600_firmware
  • r7400
  • r7200_firmware
  • d6200_firmware
  • r6120
  • d7000
  • d7000_firmware
  • ac2400_firmware
  • r7400_firmware
  • r7200
  • r6120_firmware
  • r6900
  • r6020
  • r6900_firmware
  • r6700
  • r6800
  • r7350_firmware
  • ac2100_firmware
  • r6080
  • ac2600
  • r6800_firmware
  • r7350
  • r6260_firmware
  • r6260
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')