Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-45666

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.

Published

2021-12-26T01:15:20.827

Last Modified

2024-11-21T06:32:49.713

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	eax80_firmware	< 1.0.1.64	Yes
Hardware	netgear	eax80	-	No
Operating System	netgear	ex3700_firmware	< 1.0.0.90	Yes
Hardware	netgear	ex3700	-	No
Operating System	netgear	ex3800_firmware	< 1.0.0.90	Yes
Hardware	netgear	ex3800	-	No
Operating System	netgear	ex6120_firmware	< 1.0.0.64	Yes
Hardware	netgear	ex6120	-	No
Operating System	netgear	ex6130_firmware	< 1.0.0.44	Yes
Hardware	netgear	ex6130	-	No
Operating System	netgear	ex7500_firmware	< 1.0.0.72	Yes
Hardware	netgear	ex7500	-	No
Operating System	netgear	rbw30_firmware	< 2.6.1.4	Yes
Hardware	netgear	rbw30	-	No
Operating System	netgear	rbk752_firmware	< 3.2.16.6	Yes
Hardware	netgear	rbk752	-	No
Operating System	netgear	rbr750_firmware	< 3.2.16.6	Yes
Hardware	netgear	rbr750	-	No
Operating System	netgear	rbs750_firmware	< 3.2.16.6	Yes
Hardware	netgear	rbs750	-	No
Operating System	netgear	rbk852_firmware	< 3.2.16.6	Yes
Hardware	netgear	rbk852	-	No
Operating System	netgear	rbr850_firmware	< 3.2.16.6	Yes
Hardware	netgear	rbr850	-	No
Operating System	netgear	rbs850_firmware	< 3.2.16.6	Yes
Hardware	netgear	rbs850	-	No
Operating System	netgear	rbs40v_firmware	< 2.6.1.4	Yes
Hardware	netgear	rbs40v	-	No
Operating System	netgear	cbr40_firmware	< 2.5.0.10	Yes
Hardware	netgear	cbr40	-	No

References

https://kb.netgear.com/000064121/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0254 Patch, Vendor Advisory ([email protected])
https://kb.netgear.com/000064121/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0254 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)