CVE-2021-45667 - Vulnerability Details

Description

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

Published: 2021-12-26

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:eax20:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netgear:rbs40v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs40v:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netgear:rbw30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbw30:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-32433	Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00364.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://kb.netgear.com/000064481/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0256

History

No history.

Subscriptions

Netgear Cbr40 Cbr40 Firmware Eax20 Eax20 Firmware Eax80 Eax80 Firmware Ex3700 Ex3700 Firmware Ex3800 Ex3800 Firmware Ex6120 Ex6120 Firmware Ex6130 Ex6130 Firmware Ex7500 Ex7500 Firmware Mr60 Mr60 Firmware Ms60 Ms60 Firmware R7900p R7900p Firmware R7960p R7960p Firmware R8000p R8000p Firmware Rax15 Rax15 Firmware Rax20 Rax200 Rax200 Firmware Rax20 Firmware Rax45 Rax45 Firmware Rax50 Rax50 Firmware Rax75 Rax75 Firmware Rax80 Rax80 Firmware Rbk752 Rbk752 Firmware Rbk852 Rbk852 Firmware Rbr750 Rbr750 Firmware Rbr850 Rbr850 Firmware Rbs40v Rbs40v Firmware Rbs750 Rbs750 Firmware Rbs850 Rbs850 Firmware Rbw30 Rbw30 Firmware

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-26T00:25:53.000Z

Updated: 2024-08-04T04:47:01.865Z

Reserved: 2021-12-25T00:00:00.000Z

Link: CVE-2021-45667

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-12-26T01:15:20.870

Modified: 2024-11-21T06:32:49.870

Link: CVE-2021-45667

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

Tracking

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object