Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
References
Link | Resource |
---|---|
https://kb.netgear.com/000064077/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0017 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
05 Jan 2022, 14:55
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://kb.netgear.com/000064077/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0017 - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 4.8 |
First Time |
Netgear r7900 Firmware
Netgear rax80 Netgear rax15 Netgear rax75 Netgear Netgear r7900 Netgear rax80 Firmware Netgear rax15 Firmware Netgear r7000 Netgear rax20 Firmware Netgear rax20 Netgear rax200 Firmware Netgear rax75 Firmware Netgear r8000 Netgear rax200 Netgear r7000 Firmware Netgear r8000 Firmware |
|
CWE | CWE-79 | |
CPE | cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:* |
26 Dec 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-26 01:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-45674
Mitre link : CVE-2021-45674
CVE.ORG link : CVE-2021-45674
JSON object : View
Products Affected
netgear
- rax20_firmware
- rax80_firmware
- r7000_firmware
- rax20
- rax200_firmware
- rax15
- rax15_firmware
- r7900_firmware
- rax200
- r8000_firmware
- rax75_firmware
- rax75
- r7000
- r8000
- r7900
- rax80
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')