PT-2021-5869 · NetGear · Netgear Rax75+4
Published
2021-12-20
·
Updated
2022-01-05
·
CVE-2021-45676
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
NETGEAR RAX200 versions prior to 1.0.5.126
NETGEAR RAX20 versions prior to 1.0.2.82
NETGEAR RAX80 versions prior to 1.0.5.126
NETGEAR RAX15 versions prior to 1.0.2.82
NETGEAR RAX75 versions prior to 1.0.5.126
Description
The issue is related to stored XSS, which can be exploited by a remote attacker to conduct cross-site scripting attacks. This is due to the lack of protection measures for the web page structure.
Recommendations
For NETGEAR RAX200 versions prior to 1.0.5.126, update to version 1.0.5.126 or later.
For NETGEAR RAX20 versions prior to 1.0.2.82, update to version 1.0.2.82 or later.
For NETGEAR RAX80 versions prior to 1.0.5.126, update to version 1.0.5.126 or later.
For NETGEAR RAX15 versions prior to 1.0.2.82, update to version 1.0.2.82 or later.
For NETGEAR RAX75 versions prior to 1.0.5.126, update to version 1.0.5.126 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Rax15
Netgear Rax20
Netgear Rax200
Netgear Rax75
Netgear Rax80