Details of VAR-202112-2310

ID

VAR-202112-2310

CVE

CVE-2021-45639

TITLE

plural NETGEAR Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-017174

DESCRIPTION

Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. This affects CBR40 prior to 2.5.0.10, EAX20 prior to 1.0.0.32, EAX80 prior to 1.0.1.62, EX6120 prior to 1.0.0.64, EX6130 prior to 1.0.0.44, EX7000 prior to 1.0.1.104, EX7500 prior to 1.0.0.72, R7000 prior to 1.0.11.110, R7900 prior to 1.0.4.30, R7960P prior to 1.4.1.66, R8000 prior to 1.0.4.62, RAX200 prior to 1.0.2.102, XR300 prior to 1.0.3.50, EX3700 prior to 1.0.0.90, MR60 prior to 1.0.5.102, R7000P prior to 1.3.2.126, R8000P prior to 1.4.1.66, RAX20 prior to 1.0.1.64, RAX50 prior to 1.0.2.28, RAX80 prior to 1.0.3.102, EX3800 prior to 1.0.0.90, MS60 prior to 1.0.5.102, R6900P prior to 1.3.2.126, R7900P prior to 1.4.1.66, RAX15 prior to 1.0.1.64, RAX45 prior to 1.0.2.28, RAX75 prior to 1.0.3.102, RBR750 prior to 3.2.16.6, RBR850 prior to 3.2.16.6, RBS750 prior to 3.2.16.6, RBS850 prior to 3.2.16.6, RBK752 prior to 3.2.16.6, and RBK852 prior to 3.2.16.6

Trust: 1.71

sources: NVD: CVE-2021-45639 // JVNDB: JVNDB-2021-017174 // VULMON: CVE-2021-45639

AFFECTED PRODUCTS

vendor:	netgear	model:	rax20	scope:	lt	version:	1.0.1.64	Trust: 1.0
vendor:	netgear	model:	rax50	scope:	lt	version:	1.0.2.28	Trust: 1.0
vendor:	netgear	model:	rbk752	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	ex6120	scope:	lt	version:	1.0.0.64	Trust: 1.0
vendor:	netgear	model:	eax20	scope:	lt	version:	1.0.0.32	Trust: 1.0
vendor:	netgear	model:	r8000	scope:	lt	version:	1.0.4.62	Trust: 1.0
vendor:	netgear	model:	rax45	scope:	lt	version:	1.0.2.28	Trust: 1.0
vendor:	netgear	model:	ex6130	scope:	lt	version:	1.0.0.44	Trust: 1.0
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	ms60	scope:	lt	version:	1.0.5.102	Trust: 1.0
vendor:	netgear	model:	rax15	scope:	lt	version:	1.0.1.64	Trust: 1.0
vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	r6900p	scope:	lt	version:	1.3.2.126	Trust: 1.0
vendor:	netgear	model:	ex7500	scope:	lt	version:	1.0.0.72	Trust: 1.0
vendor:	netgear	model:	xr300	scope:	lt	version:	1.0.3.50	Trust: 1.0
vendor:	netgear	model:	ex3700	scope:	lt	version:	1.0.0.90	Trust: 1.0
vendor:	netgear	model:	r8000p	scope:	lt	version:	1.4.1.66	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	rax80	scope:	lt	version:	1.0.3.102	Trust: 1.0
vendor:	netgear	model:	mr60	scope:	lt	version:	1.0.5.102	Trust: 1.0
vendor:	netgear	model:	eax80	scope:	lt	version:	1.0.1.62	Trust: 1.0
vendor:	netgear	model:	rbs750	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	ex7000	scope:	lt	version:	1.0.1.104	Trust: 1.0
vendor:	netgear	model:	r7900p	scope:	lt	version:	1.4.1.66	Trust: 1.0
vendor:	netgear	model:	rax200	scope:	lt	version:	1.0.2.102	Trust: 1.0
vendor:	netgear	model:	r7900	scope:	lt	version:	1.0.4.30	Trust: 1.0
vendor:	netgear	model:	ex3800	scope:	lt	version:	1.0.0.90	Trust: 1.0
vendor:	netgear	model:	r7000p	scope:	lt	version:	1.3.2.126	Trust: 1.0
vendor:	netgear	model:	rax75	scope:	lt	version:	1.0.3.102	Trust: 1.0
vendor:	netgear	model:	rbr750	scope:	lt	version:	3.2.16.6	Trust: 1.0
vendor:	netgear	model:	cbr40	scope:	lt	version:	2.5.0.10	Trust: 1.0
vendor:	netgear	model:	r7960p	scope:	lt	version:	1.4.1.66	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.110	Trust: 1.0
vendor:	ネットギア	model:	ex7500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6120	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7960p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	eax20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	eax80	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex6130	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	cbr40	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	ex7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017174 // NVD: CVE-2021-45639

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45639
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2021-45639
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-45639
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202112-2435
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-45639
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-45639
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-45639
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-45639
baseSeverity:	MEDIUM
baseScore:	5.2
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2021-45639
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-45639 // JVNDB: JVNDB-2021-017174 // CNNVD: CNNVD-202112-2435 // NVD: CVE-2021-45639 // NVD: CVE-2021-45639

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017174 // NVD: CVE-2021-45639

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-2435

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202112-2435

PATCH

title:	Security Advisory for Reflected Cross Site Scripting on Some Routers, Extenders, and WiFi Systems, PSV-2020-0121	url:	https://kb.netgear.com/000064460/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0121	Trust: 0.8
title:	Netgear RBR750 and NETGEAR Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176673	Trust: 0.6

sources: JVNDB: JVNDB-2021-017174 // CNNVD: CNNVD-202112-2435

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45639	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-017174	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2435	Trust: 0.6
db:	VULMON	id:	CVE-2021-45639	Trust: 0.1

sources: VULMON: CVE-2021-45639 // JVNDB: JVNDB-2021-017174 // CNNVD: CNNVD-202112-2435 // NVD: CVE-2021-45639

REFERENCES

url:	https://kb.netgear.com/000064460/security-advisory-for-reflected-cross-site-scripting-on-some-routers-extenders-and-wifi-systems-psv-2020-0121	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45639	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-45639 // JVNDB: JVNDB-2021-017174 // CNNVD: CNNVD-202112-2435 // NVD: CVE-2021-45639

SOURCES

db:	VULMON	id:	CVE-2021-45639
db:	JVNDB	id:	JVNDB-2021-017174
db:	CNNVD	id:	CNNVD-202112-2435
db:	NVD	id:	CVE-2021-45639

LAST UPDATE DATE

2024-11-23T22:29:10.363000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-45639	date:	2022-01-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-017174	date:	2023-01-06T06:05:00
db:	CNNVD	id:	CNNVD-202112-2435	date:	2022-01-07T00:00:00
db:	NVD	id:	CVE-2021-45639	date:	2024-11-21T06:32:44.890

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-45639	date:	2021-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-017174	date:	2023-01-06T00:00:00
db:	CNNVD	id:	CNNVD-202112-2435	date:	2021-12-26T00:00:00
db:	NVD	id:	CVE-2021-45639	date:	2021-12-26T01:15:19.597