CVE-2021-45639

Severity: 6.1 MEDIUM
EPSS: 0.3% (top 51.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 26; Latest update Dec 27

Description

Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX5

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.1 | Impact: 2.7

Affected Packages (33 packages)

NVD: netgear/r7000p_firmware < 1.3.2.126
NVD: netgear/r7900p_firmware < 1.4.1.66
NVD: netgear/r8000p_firmware < 1.4.1.66
NVD: netgear/rax200_firmware < 1.0.2.102
NVD: netgear/mr60_firmware < 1.0.5.102

Vulnerability Details (2)

GHSA: GHSA-fgjf-8pq6-h3gr: Certain NETGEAR devices are affected by reflected XSS (2021-12-27)
CVEList: CVE-2021-45639: Certain NETGEAR devices are affected by reflected XSS (2021-12-26)