CVE-2018-21209

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.3%
top 44.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Netgear Jnr1010 FirmwareNetgear Jr6150 FirmwareNetgear Jwnr2010 Firmware+7 more
Timeline
PublishedApr 28
Latest updateMay 24

Description

Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages10 packages

NVDnetgear/r6050_firmware< 1.0.1.10
NVDnetgear/r6220_firmware< 1.1.0.60
NVDnetgear/jr6150_firmware< 1.0.1.10
NVDnetgear/pr2000_firmware< 1.0.0.20
NVDnetgear/wnr2020_firmware< 1.1.0.46

🔴Vulnerability Details

2
GHSA
GHSA-mwvg-rm6p-8rhr: Certain NETGEAR devices are affected by reflected XSS2022-05-24
CVEList
CVE-2018-21209: Certain NETGEAR devices are affected by reflected XSS2020-04-28
CVE-2018-21209 (MEDIUM CVSS 4.8) | Certain NETGEAR devices are affecte | cvebase.io