CVE-2021-45670

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.4%
top 41.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
30
Netgear Cbr40 FirmwareNetgear Eax20 FirmwareNetgear Eax80 Firmware+27 more
Timeline
PublishedDec 26
Latest updateDec 27

Description

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 befo

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:LExploitability: 0.7 | Impact: 5.3

Affected Packages30 packages

NVDnetgear/r7000p_firmware< 1.3.2.126
NVDnetgear/rax200_firmware< 1.0.3.106
NVDnetgear/mr60_firmware< 1.0.6.110
NVDnetgear/ms60_firmware< 1.0.6.110
NVDnetgear/cbr40_firmware< 2.5.0.10

Patches

Patch: kb.netgear.comPatch: kb.netgear.com

🔴Vulnerability Details

2
GHSA
GHSA-4fj9-jwhq-wg29: Certain NETGEAR devices are affected by stored XSS2021-12-27
CVEList
CVE-2021-45670: Certain NETGEAR devices are affected by stored XSS2021-12-26
CVE-2021-45670 (MEDIUM CVSS 4.8) | Certain NETGEAR devices are affecte | cvebase.io