Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before 1.0.3.106, R6900P before 1.3.3.140, and RAX75 before 1.0.3.106.
References
Link | Resource |
---|---|
https://kb.netgear.com/000064456/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0003 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
05 Jan 2022, 15:06
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
References | (MISC) https://kb.netgear.com/000064456/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0003 - Patch, Vendor Advisory | |
First Time |
Netgear r7900 Firmware
Netgear r6900p Firmware Netgear r6900p Netgear rax80 Netgear rax75 Netgear Netgear r7900 Netgear rax80 Firmware Netgear r7000 Netgear rax200 Firmware Netgear rax75 Firmware Netgear r8000 Netgear rax200 Netgear r7000 Firmware Netgear r7000p Netgear r8000 Firmware Netgear r7000p Firmware |
|
CPE | cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:* |
26 Dec 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-26 01:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-45673
Mitre link : CVE-2021-45673
CVE.ORG link : CVE-2021-45673
JSON object : View
Products Affected
netgear
- r7000
- r8000
- r7000_firmware
- rax80
- rax75_firmware
- rax75
- rax80_firmware
- r8000_firmware
- r7000p
- r6900p
- r6900p_firmware
- r7900_firmware
- rax200_firmware
- r7000p_firmware
- rax200
- r7900
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')