CVE-2021-38535

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.

CVSS v3.0 4.8 MEDIUM
CVSS v2.0 3.5 LOW

4.8^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*

Information

Published : 2021-08-10 17:17

Updated : 2021-08-19 09:42

NVD link : CVE-2021-38535

Mitre link : CVE-2021-38535

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

netgear

rax35
rax40_firmware
d6200
r6700
ac2600_firmware
r6120_firmware
r7450_firmware
ac2600
r6260
r6850_firmware
r7400_firmware
r7450
d7000_firmware
r7200_firmware
r6080
ac2400_firmware
ac2100_firmware
r6800
r6850
r7350
r6020_firmware
rax40
r6020
r7200
r6900
r7400
rax35_firmware
r6080_firmware
r6900_firmware
d7000
ac2400
r6260_firmware
r7350_firmware
r6800_firmware
d6200_firmware
ac2100
r6700_firmware
r6120

4.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-38535

4.8^/10

3.5^/10

Attach tags to `CVE-2021-38535`