CVE-2021-45668

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.2%
top 55.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Netgear Eax20 FirmwareNetgear Eax80 FirmwareNetgear Ex3700 Firmware+14 more
Timeline
PublishedDec 26
Latest updateDec 27

Description

Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:LExploitability: 0.7 | Impact: 5.3

Affected Packages17 packages

NVDnetgear/rax200_firmware< 1.0.3.106
NVDnetgear/eax20_firmware< 1.0.0.48
NVDnetgear/eax80_firmware< 1.0.1.64
NVDnetgear/rax15_firmware< 1.0.2.82
NVDnetgear/rax20_firmware< 1.0.2.82

Patches

Patch: kb.netgear.comPatch: kb.netgear.com

🔴Vulnerability Details

2
GHSA
GHSA-w87f-h8mf-mp2w: Certain NETGEAR devices are affected by stored XSS2021-12-27
CVEList
CVE-2021-45668: Certain NETGEAR devices are affected by stored XSS2021-12-26
CVE-2021-45668 (MEDIUM CVSS 4.8) | Certain NETGEAR devices are affecte | cvebase.io