Details of VAR-202108-1661

ID

VAR-202108-1661

CVE

CVE-2021-38534

TITLE

plural NETGEAR Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-010450

DESCRIPTION

plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. Certain NETGEAR devices are affected by stored XSS. This affects D3600 prior to 1.0.0.76, D6000 prior to 1.0.0.76, D6100 prior to 1.0.0.60, D6200 prior to 1.1.00.36, D6220 prior to 1.0.0.52, D6400 prior to 1.0.0.86, D7000 prior to 1.0.1.70, D7000v2 prior to 1.0.0.53, D8500 prior to 1.0.3.44, DC112A prior to 1.0.0.42, DGN2200v4 prior to 1.0.0.110, DGND2200Bv4 prior to 1.0.0.109, DM200 prior to 1.0.0.61, JR6150 prior to 1.0.1.18, PR2000 prior to 1.0.0.28, R6020 prior to 1.0.0.42, R6050 prior to 1.0.1.18, R6080 prior to 1.0.0.42, R6220 prior to 1.1.0.80, R6230 prior to 1.1.0.80, R6250 prior to 1.0.4.34, R6260 prior to 1.1.0.64, R6300v2 prior to 1.0.4.34, R6400 prior to 1.0.1.46, R6400v2 prior to 1.0.2.62, R6700 prior to 1.0.2.6, R6700v2 prior to 1.2.0.36, R6700v3 prior to 1.0.2.62, R6800 prior to 1.2.0.36, R6900 prior to 1.0.2.4, R6900P prior to 1.3.1.64, R6900v2 prior to 1.2.0.36, R7000 prior to 1.0.9.60, R7000P prior to 1.3.1.64, R7100LG prior to 1.0.0.50, R7300DST prior to 1.0.0.70, R7450 prior to 1.2.0.36, R7900 prior to 1.0.3.8, R7900P prior to 1.4.1.50, R8000 prior to 1.0.4.28, R8000P prior to 1.4.1.50, R8300 prior to 1.0.2.130, R8500 prior to 1.0.2.130, WNDR3400v3 prior to 1.0.1.24, WNR2020 prior to 1.1.0.62, WNR3500Lv2 prior to 1.2.0.62, XR450 prior to 2.3.2.40, and XR500 prior to 2.3.2.40

Trust: 0.81

sources: JVNDB: JVNDB-2021-010450 // VULMON: CVE-2021-38534

AFFECTED PRODUCTS

vendor:	netgear	model:	r7900p	scope:	lt	version:	1.4.1.50	Trust: 1.0
vendor:	netgear	model:	d3600	scope:	lt	version:	1.0.0.76	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.2.62	Trust: 1.0
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	r6400	scope:	lt	version:	1.0.1.46	Trust: 1.0
vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.64	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.1.64	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.3.8	Trust: 1.0
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.80	Trust: 1.0
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.36	Trust: 1.0
vendor:	netgear	model:	r6300	scope:	lt	version:	1.0.4.34	Trust: 1.0
vendor:	netgear	model:	pr2000	scope:	lt	version:	1.0.0.28	Trust: 1.0
vendor:	netgear	model:	r7100lg	scope:	lt	version:	1.0.0.50	Trust: 1.0
vendor:	netgear	model:	dgn2200	scope:	lt	version:	1.0.0.110	Trust: 1.0
vendor:	netgear	model:	dm200	scope:	lt	version:	1.0.0.61	Trust: 1.0
vendor:	netgear	model:	r6250	scope:	lt	version:	1.0.4.34	Trust: 1.0
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.28	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.9.60	Trust: 1.0
vendor:	netgear	model:	wndr3400	scope:	lt	version:	1.0.1.24	Trust: 1.0
vendor:	netgear	model:	d6220	scope:	lt	version:	1.0.0.52	Trust: 1.0
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.70	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.2.62	Trust: 1.0
vendor:	netgear	model:	d6400	scope:	lt	version:	1.0.0.86	Trust: 1.0
vendor:	netgear	model:	d6100	scope:	lt	version:	1.0.0.60	Trust: 1.0
vendor:	netgear	model:	xr500	scope:	lt	version:	2.3.2.40	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.1.64	Trust: 1.0
vendor:	netgear	model:	wnr3500l	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	netgear	model:	dc112a	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	netgear	model:	r7300dst	scope:	lt	version:	1.0.0.70	Trust: 1.0
vendor:	netgear	model:	d6000	scope:	lt	version:	1.0.0.76	Trust: 1.0
vendor:	netgear	model:	r6230	scope:	lt	version:	1.1.0.80	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.2.0.36	Trust: 1.0
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.0.53	Trust: 1.0
vendor:	netgear	model:	r7450	scope:	lt	version:	1.2.0.36	Trust: 1.0
vendor:	netgear	model:	r8300	scope:	lt	version:	1.0.2.130	Trust: 1.0
vendor:	netgear	model:	xr450	scope:	lt	version:	2.3.2.40	Trust: 1.0
vendor:	netgear	model:	r8500	scope:	lt	version:	1.0.2.130	Trust: 1.0
vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.18	Trust: 1.0
vendor:	netgear	model:	d8500	scope:	lt	version:	1.0.3.44	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.0.2.4	Trust: 1.0
vendor:	netgear	model:	r8000p	scope:	lt	version:	1.4.1.50	Trust: 1.0
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.18	Trust: 1.0
vendor:	netgear	model:	r6900	scope:	lt	version:	1.2.0.36	Trust: 1.0
vendor:	netgear	model:	dgnd2200b	scope:	lt	version:	1.0.0.109	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.36	Trust: 1.0
vendor:	netgear	model:	r6700	scope:	lt	version:	1.0.2.6	Trust: 1.0
vendor:	ネットギア	model:	dgn2200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6400	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6100	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	dc112a	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d3600	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d8500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6220	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010450 // NVD: CVE-2021-38534

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-38534
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2021-38534
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-38534
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202108-946
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-38534
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-38534
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-38534
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-38534
baseSeverity:	MEDIUM
baseScore:	4.1
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.7
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-38534
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-38534 // JVNDB: JVNDB-2021-010450 // CNNVD: CNNVD-202108-946 // NVD: CVE-2021-38534 // NVD: CVE-2021-38534

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010450 // NVD: CVE-2021-38534

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-946

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202108-946

PATCH

title:	Security Advisory for Stored Cross Site Scripting on Some Routers and Gateways, PSV-2018-0244	url:	https://kb.netgear.com/000063758/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2018-0244	Trust: 0.8
title:	NETGEAR Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159340	Trust: 0.6
title:	CVE-2021-38534	url:	https://github.com/AlAIAL90/CVE-2021-38534	Trust: 0.1

sources: VULMON: CVE-2021-38534 // JVNDB: JVNDB-2021-010450 // CNNVD: CNNVD-202108-946

EXTERNAL IDS

db:	NVD	id:	CVE-2021-38534	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-010450	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-946	Trust: 0.6
db:	VULMON	id:	CVE-2021-38534	Trust: 0.1

sources: VULMON: CVE-2021-38534 // JVNDB: JVNDB-2021-010450 // CNNVD: CNNVD-202108-946 // NVD: CVE-2021-38534

REFERENCES

url:	https://kb.netgear.com/000063758/security-advisory-for-stored-cross-site-scripting-on-some-routers-and-gateways-psv-2018-0244	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-38534	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://github.com/alaial90/cve-2021-38534	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-38534 // JVNDB: JVNDB-2021-010450 // CNNVD: CNNVD-202108-946 // NVD: CVE-2021-38534

SOURCES

db:	VULMON	id:	CVE-2021-38534
db:	JVNDB	id:	JVNDB-2021-010450
db:	CNNVD	id:	CNNVD-202108-946
db:	NVD	id:	CVE-2021-38534

LAST UPDATE DATE

2024-08-14T14:44:21.504000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-38534	date:	2021-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-010450	date:	2022-07-01T06:13:00
db:	CNNVD	id:	CNNVD-202108-946	date:	2021-08-26T00:00:00
db:	NVD	id:	CVE-2021-38534	date:	2021-08-19T17:59:26.163

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-38534	date:	2021-08-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-010450	date:	2022-07-01T00:00:00
db:	CNNVD	id:	CNNVD-202108-946	date:	2021-08-10T00:00:00
db:	NVD	id:	CVE-2021-38534	date:	2021-08-11T00:17:22.217