CVE-2021-45665Cross-site Scripting in Netgear Eax20 Firmware

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.8MEDIUMNVD
CNA6.5
EPSS
0.3%
top 49.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
Netgear Eax20 FirmwareNetgear Eax80 FirmwareNetgear Ex3700 Firmware+12 more
Timeline
PublishedDec 26
Latest updateDec 27

Description

Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages15 packages

NVDnetgear/eax20_firmware< 1.0.0.36
NVDnetgear/eax80_firmware< 1.0.1.62
NVDnetgear/rbw30_firmware< 2.6.1.4
NVDnetgear/ex3700_firmware< 1.0.0.90
NVDnetgear/ex3800_firmware< 1.0.0.90

Patches

Patch: kb.netgear.comPatch: kb.netgear.com

🔴Vulnerability Details

2
GHSA
GHSA-jqm7-xc8j-gcr6: Certain NETGEAR devices are affected by stored XSS2021-12-27
CVEList
CVE-2021-45665: Certain NETGEAR devices are affected by stored XSS2021-12-26
CVE-2021-45665 — Cross-site Scripting in Netgear | cvebase