Details of VAR-202112-2276

ID

VAR-202112-2276

CVE

CVE-2021-45673

TITLE

plural NETGEAR Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-017024

DESCRIPTION

Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before 1.0.3.106, R6900P before 1.3.3.140, and RAX75 before 1.0.3.106. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects R7000 prior to 1.0.11.110, R7900 prior to 1.0.4.30, R8000 prior to 1.0.4.62, RAX200 prior to 1.0.3.106, R7000P prior to 1.3.3.140, RAX80 prior to 1.0.3.106, R6900P prior to 1.3.3.140, and RAX75 prior to 1.0.3.106

Trust: 1.71

sources: NVD: CVE-2021-45673 // JVNDB: JVNDB-2021-017024 // VULMON: CVE-2021-45673

AFFECTED PRODUCTS

vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.110	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.4.30	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.3.140	Trust: 1.0
vendor:	netgear	model:	rax200	scope:	lt	version:	1.0.3.106	Trust: 1.0
vendor:	netgear	model:	rax75	scope:	lt	version:	1.0.3.106	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.3.140	Trust: 1.0
vendor:	netgear	model:	rax80	scope:	lt	version:	1.0.3.106	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.62	Trust: 1.0
vendor:	ネットギア	model:	r8000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6900p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax75	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017024 // NVD: CVE-2021-45673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45673
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2021-45673
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-45673
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202112-2466
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-45673
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-45673
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-45673
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45673
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45673
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-45673 // JVNDB: JVNDB-2021-017024 // CNNVD: CNNVD-202112-2466 // NVD: CVE-2021-45673 // NVD: CVE-2021-45673

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017024 // NVD: CVE-2021-45673

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2466

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202112-2466

PATCH

title:	Security Advisory for Stored Cross Site Scripting on Some Routers, PSV-2020-0003	url:	https://kb.netgear.com/000064456/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0003	Trust: 0.8
title:	Netgear NETGEAR Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177025	Trust: 0.6

sources: JVNDB: JVNDB-2021-017024 // CNNVD: CNNVD-202112-2466

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45673	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017024	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2466	Trust: 0.6
db:	VULMON	id:	CVE-2021-45673	Trust: 0.1

sources: VULMON: CVE-2021-45673 // JVNDB: JVNDB-2021-017024 // CNNVD: CNNVD-202112-2466 // NVD: CVE-2021-45673

REFERENCES

url:	https://kb.netgear.com/000064456/security-advisory-for-stored-cross-site-scripting-on-some-routers-psv-2020-0003	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45673	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45673 // JVNDB: JVNDB-2021-017024 // CNNVD: CNNVD-202112-2466 // NVD: CVE-2021-45673

SOURCES

db:	VULMON	id:	CVE-2021-45673
db:	JVNDB	id:	JVNDB-2021-017024
db:	CNNVD	id:	CNNVD-202112-2466
db:	NVD	id:	CVE-2021-45673

LAST UPDATE DATE

2024-11-23T21:33:26.801000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45673	date:	2022-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2021-017024	date:	2022-12-27T08:59:00
db:	CNNVD	id:	CNNVD-202112-2466	date:	2022-01-06T00:00:00
db:	NVD	id:	CVE-2021-45673	date:	2024-11-21T06:32:50.903

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45673	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017024	date:	2022-12-27T00:00:00
db:	CNNVD	id:	CNNVD-202112-2466	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45673	date:	2021-12-26T01:15:21.150