Details of VAR-202004-1655

ID

VAR-202004-1655

CVE

CVE-2018-21209

TITLE

plural NETGEAR Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016341

DESCRIPTION

Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. NETGEAR JNR1010, etc. are all wireless routers from NETGEAR. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code. This affects JNR1010v2 prior to 1.1.0.46, JR6150 prior to 1.0.1.10, JWNR2010v5 prior to 1.1.0.46, PR2000 prior to 1.0.0.20, R6050 prior to 1.0.1.10, R6220 prior to 1.1.0.60, WNDR3700v5 prior to 1.1.0.50, WNR1000v4 prior to 1.1.0.46, WNR2020 prior to 1.1.0.46, and WNR2050 prior to 1.1.0.46

Trust: 2.25

sources: NVD: CVE-2018-21209 // JVNDB: JVNDB-2018-016341 // CNVD: CNVD-2021-28014 // VULMON: CVE-2018-21209

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-28014

AFFECTED PRODUCTS

vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.10	Trust: 1.6
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.10	Trust: 1.6
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.60	Trust: 1.6
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.46	Trust: 1.6
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.46	Trust: 1.6
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.20	Trust: 1.6
vendor:	netgear	model:	wndr3700	scope:	lt	version:	1.1.0.50	Trust: 1.6
vendor:	netgear	model:	jwnr2010	scope:	lt	version:	1.1.0.46	Trust: 1.6
vendor:	netgear	model:	jnr1010	scope:	lt	version:	1.1.0.46	Trust: 1.6
vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.1.0.46	Trust: 1.0
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.46	Trust: 0.8
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.10	Trust: 0.8
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.46	Trust: 0.8
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.20	Trust: 0.8
vendor:	netgear	model:	r6050	scope:	eq	version:	1.1.0.60	Trust: 0.8
vendor:	netgear	model:	r6220	scope:	eq	version:	1.0.0.42	Trust: 0.8
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.1.0.50	Trust: 0.8
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.46	Trust: 0.8
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.46	Trust: 0.8
vendor:	netgear	model:	wnr2050	scope:	eq	version:	1.1.0.46	Trust: 0.8
vendor:	netgear	model:	wnr1000v4	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	wndr3700v5	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	jwnr2010v5	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	jnr1010v2	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.0.0.32	Trust: 0.1
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.40	Trust: 0.1
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.42	Trust: 0.1
vendor:	netgear	model:	jnr1010	scope:	eq	version:	1.1.0.44	Trust: 0.1
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.0.17	Trust: 0.1
vendor:	netgear	model:	jr6150	scope:	eq	version:	1.0.1.7	Trust: 0.1
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.40	Trust: 0.1
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.42	Trust: 0.1
vendor:	netgear	model:	jwnr2010	scope:	eq	version:	1.1.0.44	Trust: 0.1
vendor:	netgear	model:	pr2000	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.17	Trust: 0.1
vendor:	netgear	model:	pr2000	scope:	eq	version:	1.0.0.18	Trust: 0.1
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.0.86	Trust: 0.1
vendor:	netgear	model:	r6050	scope:	eq	version:	1.0.1.7	Trust: 0.1
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.46	Trust: 0.1
vendor:	netgear	model:	r6220	scope:	eq	version:	1.1.0.50	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.2.86	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.2.88	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.2.92	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.2.94	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.0.2.96	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.1.0.46	Trust: 0.1
vendor:	netgear	model:	wndr3700	scope:	eq	version:	1.1.0.48	Trust: 0.1
vendor:	netgear	model:	wnr1000	scope:	eq	version:	-	Trust: 0.1
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.40	Trust: 0.1
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.42	Trust: 0.1
vendor:	netgear	model:	wnr1000	scope:	eq	version:	1.1.0.44	Trust: 0.1
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.40	Trust: 0.1
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.42	Trust: 0.1
vendor:	netgear	model:	wnr2020	scope:	eq	version:	1.1.0.44	Trust: 0.1
vendor:	netgear	model:	wnr2050	scope:	eq	version:	1.1.0.40	Trust: 0.1
vendor:	netgear	model:	wnr2050	scope:	eq	version:	1.1.0.42	Trust: 0.1
vendor:	netgear	model:	wnr2050	scope:	eq	version:	1.1.0.44	Trust: 0.1

sources: CNVD: CNVD-2021-28014 // VULMON: CVE-2018-21209 // JVNDB: JVNDB-2018-016341 // NVD: CVE-2018-21209

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-21209
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2018-21209
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2018-016341
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-28014
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202004-2281
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2018-21209
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-21209
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2018-016341
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-28014
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-21209
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2018-21209
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.0
Trust: 1.0
NVD:	JVNDB-2018-016341
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-28014 // VULMON: CVE-2018-21209 // JVNDB: JVNDB-2018-016341 // CNNVD: CNNVD-202004-2281 // NVD: CVE-2018-21209 // NVD: CVE-2018-21209

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2018-016341 // NVD: CVE-2018-21209

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2281

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-2281

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016341

PATCH

title:	Security Advisory for Reflected Cross-Site Scripting on Some Routers and Extenders, PSV-2017-2514	url:	https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514	Trust: 0.8
title:	Patch for Cross-site scripting vulnerabilities in multiple NETGEAR products (CNVD-2021-28014)	url:	https://www.cnvd.org.cn/patchInfo/show/257966	Trust: 0.6
title:	Multiple NETGEAR Fixes for product cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117373	Trust: 0.6

sources: CNVD: CNVD-2021-28014 // JVNDB: JVNDB-2018-016341 // CNNVD: CNNVD-202004-2281

EXTERNAL IDS

db:	NVD	id:	CVE-2018-21209	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-016341	Trust: 0.8
db:	CNVD	id:	CNVD-2021-28014	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2281	Trust: 0.6
db:	VULMON	id:	CVE-2018-21209	Trust: 0.1

sources: CNVD: CNVD-2021-28014 // VULMON: CVE-2018-21209 // JVNDB: JVNDB-2018-016341 // CNNVD: CNNVD-202004-2281 // NVD: CVE-2018-21209

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-21209	Trust: 2.0
url:	https://kb.netgear.com/000055140/security-advisory-for-reflected-cross-site-scripting-on-some-routers-and-extenders-psv-2017-2514	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-21209	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-28014 // VULMON: CVE-2018-21209 // JVNDB: JVNDB-2018-016341 // CNNVD: CNNVD-202004-2281 // NVD: CVE-2018-21209

SOURCES

db:	CNVD	id:	CNVD-2021-28014
db:	VULMON	id:	CVE-2018-21209
db:	JVNDB	id:	JVNDB-2018-016341
db:	CNNVD	id:	CNNVD-202004-2281
db:	NVD	id:	CVE-2018-21209

LAST UPDATE DATE

2024-11-23T22:25:32.282000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-28014	date:	2021-04-14T00:00:00
db:	VULMON	id:	CVE-2018-21209	date:	2020-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2018-016341	date:	2020-06-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-2281	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2018-21209	date:	2024-11-21T04:03:10.943

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-28014	date:	2021-04-14T00:00:00
db:	VULMON	id:	CVE-2018-21209	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-016341	date:	2020-06-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-2281	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2018-21209	date:	2020-04-28T16:15:13.810