CVE-2021-45671Cross-site Scripting in Netgear Cbr40 Firmware

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.8MEDIUMNVD
CNA6.5
EPSS
0.2%
top 55.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
22
Netgear Cbr40 FirmwareNetgear Eax80 FirmwareNetgear Ex7500 Firmware+19 more
Timeline
PublishedDec 26
Latest updateDec 27

Description

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.62, EX7500 before 1.0.0.72, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.4.120, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.4.120, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.4.120, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages22 packages

NVDnetgear/rax200_firmware< 1.0.4.120
NVDnetgear/mr60_firmware< 1.0.6.110
NVDnetgear/ms60_firmware< 1.0.6.110
NVDnetgear/cbr40_firmware< 2.5.0.10
NVDnetgear/eax80_firmware< 1.0.1.62

Patches

Patch: kb.netgear.comPatch: kb.netgear.com

🔴Vulnerability Details

2
GHSA
GHSA-fq8h-4493-3g4m: Certain NETGEAR devices are affected by stored XSS2021-12-27
CVEList
CVE-2021-45671: Certain NETGEAR devices are affected by stored XSS2021-12-26
CVE-2021-45671 — Cross-site Scripting in Netgear | cvebase