Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
References
Link | Resource |
---|---|
https://kb.netgear.com/000064122/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2020-0257 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
History
06 Jan 2022, 14:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:eax20:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:* |
|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 4.8 |
References | (MISC) https://kb.netgear.com/000064122/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2020-0257 - Patch, Vendor Advisory | |
First Time |
Netgear ex7500 Firmware
Netgear r7900p Firmware Netgear ex6130 Firmware Netgear ex3700 Netgear rax80 Netgear Netgear rax80 Firmware Netgear rax15 Firmware Netgear rax20 Netgear rax200 Firmware Netgear r7960p Firmware Netgear ex3800 Firmware Netgear ex6130 Netgear rax50 Firmware Netgear eax80 Netgear eax80 Firmware Netgear rax50 Netgear rax15 Netgear rax75 Netgear ex7500 Netgear rax20 Firmware Netgear ex3800 Netgear eax20 Firmware Netgear rax45 Firmware Netgear r8000p Firmware Netgear eax20 Netgear rax200 Netgear r7900p Netgear ex3700 Firmware Netgear rax75 Firmware Netgear rax45 Netgear r7960p Netgear ex6120 Netgear ex6120 Firmware Netgear r8000p |
26 Dec 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-26 01:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-45668
Mitre link : CVE-2021-45668
CVE.ORG link : CVE-2021-45668
JSON object : View
Products Affected
netgear
- rax75
- rax50_firmware
- ex3800
- eax80
- rax15
- eax20
- r7960p
- ex7500
- r7960p_firmware
- rax45
- ex3700_firmware
- eax80_firmware
- rax200
- rax80
- rax45_firmware
- r8000p
- rax75_firmware
- r7900p
- r8000p_firmware
- ex7500_firmware
- eax20_firmware
- rax80_firmware
- rax50
- r7900p_firmware
- ex3700
- ex6120
- ex6120_firmware
- rax20_firmware
- rax15_firmware
- rax20
- rax200_firmware
- ex6130
- ex3800_firmware
- ex6130_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')