CVE-2021-45639

Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

CVSS v3.0 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://kb.netgear.com/000064460/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0121	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:cbr40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:cbr40:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:eax20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:eax20:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:eax80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:eax80:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7900:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:netgear:rax50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax50:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:netgear:rax45_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax45:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:netgear:rbk752_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk752:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:netgear:rbk852_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbk852:-:*:*:*:*:*:*:*

Information

Published : 2021-12-25 17:15

Updated : 2022-01-06 06:53

NVD link : CVE-2021-45639

Mitre link : CVE-2021-45639

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

netgear

r6900p
rax45
rax50
r7000p
rax75_firmware
rax200
xr300_firmware
ex3700_firmware
rax80_firmware
r7900p_firmware
ex6130_firmware
rbk752_firmware
ex3800
rbs750_firmware
ex7000_firmware
ex3700
eax20_firmware
cbr40
r6900p_firmware
ms60_firmware
r7960p_firmware
rax20_firmware
r7000p_firmware
r8000p_firmware
r7900_firmware
r7960p
rbk852_firmware
rbr850
rax200_firmware
rbr850_firmware
rax50_firmware
ex6130
rax80
r7000
r7000_firmware
mr60
ex6120
rax75
eax80_firmware
rbs850_firmware
rax20
rbk752
r8000
eax80
rbr750_firmware
ms60
ex7000
ex6120_firmware
cbr40_firmware
r8000_firmware
r7900
ex7500_firmware
ex7500
eax20
rbs750
rbk852
mr60_firmware
r7900p
rbr750
xr300
rax15
rax45_firmware
r8000p
rbs850
rax15_firmware
ex3800_firmware

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-45639

6.1^/10

4.3^/10

Attach tags to `CVE-2021-45639`