Lucene search

MitreCVE-2021-45675

HistoryDec 26, 2021 - 1:15 a.m.

CVE-2021-45675

2021-12-2601:15:21

CWE-79

mitre

web.nvd.nist.gov

cve-2021-45675

netgear

stored xss

vulnerability

security advisory

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76.

Affected configurations

Nvd

Node

netgearr6120_firmwareRange<1.0.0.76

AND

netgearr6120Match-

Node

netgearr6260_firmwareRange<1.1.0.78

AND

netgearr6260Match-

Node

netgearr6850_firmwareRange<1.1.0.78

AND

netgearr6850Match-

Node

netgearr6350_firmwareRange<1.1.0.78

AND

netgearr6350Match-

Node

netgearr6330_firmwareRange<1.1.0.78

AND

netgearr6330Match-

Node

netgearr6800_firmwareRange<1.2.0.76

AND

netgearr6800Match-

Node

netgearr6700v2_firmwareRange<1.2.0.76

AND

netgearr6700v2Match-

Node

netgearr6900v2_firmwareRange<1.2.0.76

AND

netgearr6900v2Match-

Node

netgearr7200_firmwareRange<1.2.0.76

AND

netgearr7200Match-

Node

netgearr7350_firmwareRange<1.2.0.76

AND

netgearr7350Match-

Node

netgearr7400_firmwareRange<1.2.0.76

AND

netgearr7400Match-

Node

netgearr7450_firmwareRange<1.2.0.76

AND

netgearr7450Match-

Node

netgearac2100_firmwareRange<1.2.0.76

AND

netgearac2100Match-

Node

netgearac2400_firmwareMatch1.2.0.76

AND

netgearac2400Match-

Node

netgearac2600_firmwareRange<1.2.0.76

AND

netgearac2600Match-

VendorProductVersionCPE
netgearr6120_firmware*cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*
netgearr6120-cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*
netgearr6260_firmware*cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
netgearr6260-cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*
netgearr6850_firmware*cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*
netgearr6850-cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*
netgearr6350_firmware*cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*
netgearr6350-cpe:2.3:h:netgear:r6350:-:*:*:*:*:*:*:*
netgearr6330_firmware*cpe:2.3:o:netgear:r6330_firmware:*:*:*:*:*:*:*:*
netgearr6330-cpe:2.3:h:netgear:r6330:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	r6120_firmware	*	cpe:2.3:o:netgear:r6120_firmware::::::::
netgear	r6120	-	cpe:2.3:h:netgear:r6120:-:::::::*
netgear	r6260_firmware	*	cpe:2.3:o:netgear:r6260_firmware::::::::
netgear	r6260	-	cpe:2.3:h:netgear:r6260:-:::::::*
netgear	r6850_firmware	*	cpe:2.3:o:netgear:r6850_firmware::::::::
netgear	r6850	-	cpe:2.3:h:netgear:r6850:-:::::::*
netgear	r6350_firmware	*	cpe:2.3:o:netgear:r6350_firmware::::::::
netgear	r6350	-	cpe:2.3:h:netgear:r6350:-:::::::*
netgear	r6330_firmware	*	cpe:2.3:o:netgear:r6330_firmware::::::::
netgear	r6330	-	cpe:2.3:h:netgear:r6330:-:::::::*

Rows per page:

1-10 of 301

References

kb.netgear.com/000064116/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0128

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2021-45675