ID

VAR-202004-1531


CVE

CVE-2018-21095


TITLE

Cross-site scripting vulnerabilities in NETGEAR SRR60 and SRS60 devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016311

DESCRIPTION

Certain NETGEAR devices are affected by stored XSS. This affects SRR60 before 2.2.1.210 and SRS60 before 2.2.1.210. A cross-site scripting vulnerability exists in NETGEAR SRR60 and SRS60 devices. Information may be obtained and tampered with. NETGEAR SRR60 and NETGEAR SRS60 are both wireless routers from NETGEAR. The vulnerability stems from the lack of proper verification of client data by the web application. Attackers can use this vulnerability to execute client-side code.

Trust: 2.25

sources: NVD: CVE-2018-21095 // JVNDB: JVNDB-2018-016311 // CNVD: CNVD-2020-28138 // VULMON: CVE-2018-21095

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28138

AFFECTED PRODUCTS

vendor: netgear | model: srr60 | scope: lt | version: 2.2.1.210

Trust: 1.6

vendor: netgear | model: srs60 | scope: lt | version: 2.2.1.210

Trust: 1.6

vendor: netgear | model: srr60 | scope: eq | version: 2.2.1.210

Trust: 0.8

vendor: netgear | model: srs60 | scope: eq | version: 2.2.1.210

Trust: 0.8

vendor: netgear | model: srr60 | scope: eq | version: 2.2.0.64

Trust: 0.1

vendor: netgear | model: srs60 | scope: eq | version: 2.2.0.64

Trust: 0.1

sources: CNVD: CNVD-2020-28138 // VULMON: CVE-2018-21095 // JVNDB: JVNDB-2018-016311 // NVD: CVE-2018-21095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-21095
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2018-21095
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2018-016311
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-28138
value: LOW

Trust: 0.6

CNNVD: CNNVD-202004-2184
value: MEDIUM

Trust: 0.6

VULMON: CVE-2018-21095
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-21095
severity: LOW
baseScore: 2.3
vectorString: AV:A/AC:M/AU:S/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2018-016311
severity: LOW
baseScore: 2.3
vectorString: AV:A/AC:M/AU:S/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-28138
severity: LOW
baseScore: 2.3
vectorString: AV:A/AC:M/AU:S/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-21095
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 2.7
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2018-21095
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2018-016311
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-28138 // VULMON: CVE-2018-21095 // JVNDB: JVNDB-2018-016311 // CNNVD: CNNVD-202004-2184 // NVD: CVE-2018-21095 // NVD: CVE-2018-21095

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2018-016311 // NVD: CVE-2018-21095

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2184

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-2184

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016311

PATCH

title: Security Advisory for Stored Cross Site Scripting on SRS60 and SRR60, PSV-2018-0218
url: https://kb.netgear.com/000060458/Security-Advisory-for-Stored-Cross-Site-Scripting-on-SRS60-and-SRR60-PSV-2018-0218

Trust: 0.8

title: Patch for NETGEAR SRR60 and SRS60 cross-site scripting vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/217429

Trust: 0.6

title: NETGEAR SRR60 and SRS60 Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117282

Trust: 0.6

sources: CNVD: CNVD-2020-28138 // JVNDB: JVNDB-2018-016311 // CNNVD: CNNVD-202004-2184

EXTERNAL IDS

db: NVD | id: CVE-2018-21095

Trust: 3.1

db: JVNDB | id: JVNDB-2018-016311

Trust: 0.8

db: CNVD | id: CNVD-2020-28138

Trust: 0.6

db: CNNVD | id: CNNVD-202004-2184

Trust: 0.6

db: VULMON | id: CVE-2018-21095

Trust: 0.1

sources: CNVD: CNVD-2020-28138 // VULMON: CVE-2018-21095 // JVNDB: JVNDB-2018-016311 // CNNVD: CNNVD-202004-2184 // NVD: CVE-2018-21095

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2018-21095

Trust: 2.0

url: https://kb.netgear.com/000060458/security-advisory-for-stored-cross-site-scripting-on-srs60-and-srr60-psv-2018-0218

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21095

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-28138 // VULMON: CVE-2018-21095 // JVNDB: JVNDB-2018-016311 // CNNVD: CNNVD-202004-2184 // NVD: CVE-2018-21095

SOURCES

db: CNVD | id: CNVD-2020-28138
db: VULMON | id: CVE-2018-21095
db: JVNDB | id: JVNDB-2018-016311
db: CNNVD | id: CNNVD-202004-2184
db: NVD | id: CVE-2018-21095

LAST UPDATE DATE

2024-11-23T23:11:26.880000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2020-28138 | date: 2020-05-14T00:00:00
db: VULMON | id: CVE-2018-21095 | date: 2020-04-27T00:00:00
db: JVNDB | id: JVNDB-2018-016311 | date: 2020-05-22T00:00:00
db: CNNVD | id: CNNVD-202004-2184 | date: 2020-04-28T00:00:00
db: NVD | id: CVE-2018-21095 | date: 2024-11-21T04:02:53.363

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2020-28138 | date: 2020-05-14T00:00:00
db: VULMON | id: CVE-2018-21095 | date: 2020-04-27T00:00:00
db: JVNDB | id: JVNDB-2018-016311 | date: 2020-05-22T00:00:00
db: CNNVD | id: CNNVD-202004-2184 | date: 2020-04-27T00:00:00
db: NVD | id: CVE-2018-21095 | date: 2020-04-27T16:15:12.600