CVE-2021-45675

Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netgear:ac2400_firmware:1.2.0.76:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*

History

05 Jan 2022, 21:06

Type Values Removed Values Added
CWE CWE-79
References (MISC) https://kb.netgear.com/000064116/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0128 - (MISC) https://kb.netgear.com/000064116/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0128 - Patch, Vendor Advisory
CPE cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6900v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6700v2:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ac2400_firmware:1.2.0.76:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6700v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6900v2:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*
First Time Netgear r6350 Firmware
Netgear ac2100 Firmware
Netgear r7200 Firmware
Netgear r6700v2 Firmware
Netgear r7400 Firmware
Netgear r6330
Netgear r7400
Netgear r6850 Firmware
Netgear r6260
Netgear r6850
Netgear r7450
Netgear
Netgear r7350
Netgear r7350 Firmware
Netgear r6120 Firmware
Netgear ac2100
Netgear r6330 Firmware
Netgear ac2400 Firmware
Netgear ac2600 Firmware
Netgear r7200
Netgear r6700v2
Netgear r6900v2 Firmware
Netgear r7450 Firmware
Netgear r6800 Firmware
Netgear r6120
Netgear r6800
Netgear r6900v2
Netgear r6350
Netgear ac2400
Netgear r6260 Firmware
Netgear ac2600
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 4.8

26 Dec 2021, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-26 01:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-45675

Mitre link : CVE-2021-45675

CVE.ORG link : CVE-2021-45675


JSON object : View

Products Affected

netgear

  • r7350
  • r6350
  • r6330_firmware
  • r6900v2
  • r7200_firmware
  • r6330
  • ac2600_firmware
  • r7450_firmware
  • r6120
  • ac2100
  • r6800
  • r7400
  • r6120_firmware
  • r6900v2_firmware
  • r6850
  • r6260_firmware
  • r7400_firmware
  • r6700v2
  • r6850_firmware
  • r6260
  • ac2100_firmware
  • ac2600
  • ac2400
  • r7200
  • r6800_firmware
  • ac2400_firmware
  • r7350_firmware
  • r6700v2_firmware
  • r6350_firmware
  • r7450
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')