Details of VAR-202112-2272

ID

VAR-202112-2272

CVE

CVE-2021-45677

TITLE

Netgear NETGEAR Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202112-2473

DESCRIPTION

Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36. This affects GS108Tv2 prior to 5.4.2.36 and GS110TPv2 prior to 5.4.2.36

Trust: 0.99

sources: NVD: CVE-2021-45677 // VULMON: CVE-2021-45677

AFFECTED PRODUCTS

vendor:	netgear	model:	gs110tp	scope:	lt	version:	5.4.2.36	Trust: 1.0
vendor:	netgear	model:	gs108t	scope:	lt	version:	5.4.2.36	Trust: 1.0

sources: NVD: CVE-2021-45677

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-45677
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202112-2473
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-45677
value:	MEDIUM
Trust: 0.1

VULMON:	CVE-2021-45677
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

NVD:	CVE-2021-45677
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2021-45677 // CNNVD: CNNVD-202112-2473 // NVD: CVE-2021-45677

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.0

sources: NVD: CVE-2021-45677

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2473

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202112-2473

CONFIGURATIONS

sources: NVD: CVE-2021-45677

PATCH

title:

Netgear NETGEAR Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177030

Trust: 0.6

sources: CNNVD: CNNVD-202112-2473

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45677	Trust: 1.7
db:	CNNVD	id:	CNNVD-202112-2473	Trust: 0.6
db:	VULMON	id:	CVE-2021-45677	Trust: 0.1

sources: VULMON: CVE-2021-45677 // CNNVD: CNNVD-202112-2473 // NVD: CVE-2021-45677

REFERENCES

url:	https://kb.netgear.com/000064448/security-advisory-for-stored-cross-site-scripting-on-some-smart-managed-pro-switches-psv-2019-0191	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45677	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45677 // CNNVD: CNNVD-202112-2473 // NVD: CVE-2021-45677

SOURCES

db:	VULMON	id:	CVE-2021-45677
db:	CNNVD	id:	CNNVD-202112-2473
db:	NVD	id:	CVE-2021-45677

LAST UPDATE DATE

2022-05-04T09:41:49.404000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45677	date:	2022-01-05T00:00:00
db:	CNNVD	id:	CNNVD-202112-2473	date:	2022-01-06T00:00:00
db:	NVD	id:	CVE-2021-45677	date:	2022-01-05T13:01:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45677	date:	2021-12-26T00:00:00
db:	CNNVD	id:	CNNVD-202112-2473	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45677	date:	2021-12-26T01:15:00