PT-2021-5874 · NetGear · Ex6120+32

Published

2021-12-20

Updated

2022-01-06

CVE-2021-45639

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions NETGEAR CBR40 versions prior to 2.5.0.10 NETGEAR EAX20 versions prior to 1.0.0.32 NETGEAR EAX80 versions prior to 1.0.1.62 NETGEAR EX6120 versions prior to 1.0.0.64 NETGEAR EX6130 versions prior to 1.0.0.44 NETGEAR EX7000 versions prior to 1.0.1.104 NETGEAR EX7500 versions prior to 1.0.0.72 NETGEAR R7000 versions prior to 1.0.11.110 NETGEAR R7900 versions prior to 1.0.4.30 NETGEAR R7960P versions prior to 1.4.1.66 NETGEAR R8000 versions prior to 1.0.4.62 NETGEAR RAX200 versions prior to 1.0.2.102 NETGEAR XR300 versions prior to 1.0.3.50 NETGEAR EX3700 versions prior to 1.0.0.90 NETGEAR MR60 versions prior to 1.0.5.102 NETGEAR R7000P versions prior to 1.3.2.126 NETGEAR R8000P versions prior to 1.4.1.66 NETGEAR RAX20 versions prior to 1.0.1.64 NETGEAR RAX50 versions prior to 1.0.2.28 NETGEAR RAX80 versions prior to 1.0.3.102 NETGEAR EX3800 versions prior to 1.0.0.90 NETGEAR MS60 versions prior to 1.0.5.102 NETGEAR R6900P versions prior to 1.3.2.126 NETGEAR R7900P versions prior to 1.4.1.66 NETGEAR RAX15 versions prior to 1.0.1.64 NETGEAR RAX45 versions prior to 1.0.2.28 NETGEAR RAX75 versions prior to 1.0.3.102 NETGEAR RBR750 versions prior to 3.2.16.6 NETGEAR RBR850 versions prior to 3.2.16.6 NETGEAR RBS750 versions prior to 3.2.16.6 NETGEAR RBS850 versions prior to 3.2.16.6 NETGEAR RBK752 versions prior to 3.2.16.6 NETGEAR RBK852 versions prior to 3.2.16.6

Description The issue is related to the lack of protection of the web page structure, which may allow a remote attacker to conduct cross-site scripting attacks.

Recommendations Update CBR40 to version 2.5.0.10 or later Update EAX20 to version 1.0.0.32 or later Update EAX80 to version 1.0.1.62 or later Update EX6120 to version 1.0.0.64 or later Update EX6130 to version 1.0.0.44 or later Update EX7000 to version 1.0.1.104 or later Update EX7500 to version 1.0.0.72 or later Update R7000 to version 1.0.11.110 or later Update R7900 to version 1.0.4.30 or later Update R7960P to version 1.4.1.66 or later Update R8000 to version 1.0.4.62 or later Update RAX200 to version 1.0.2.102 or later Update XR300 to version 1.0.3.50 or later Update EX3700 to version 1.0.0.90 or later Update MR60 to version 1.0.5.102 or later Update R7000P to version 1.3.2.126 or later Update R8000P to version 1.4.1.66 or later Update RAX20 to version 1.0.1.64 or later Update RAX50 to version 1.0.2.28 or later Update RAX80 to version 1.0.3.102 or later Update EX3800 to version 1.0.0.90 or later Update MS60 to version 1.0.5.102 or later Update R6900P to version 1.3.2.126 or later Update R7900P to version 1.4.1.66 or later Update RAX15 to version 1.0.1.64 or later Update RAX45 to version 1.0.2.28 or later Update RAX75 to version 1.0.3.102 or later Update RBR750 to version 3.2.16.6 or later Update RBR850 to version 3.2.16.6 or later Update RBS750 to version 3.2.16.6 or later Update RBS850 to version 3.2.16.6 or later Update RBK752 to version 3.2.16.6 or later Update RBK852 to version 3.2.16.6 or later

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2022-00389

CVE-2021-45639

Affected Products

Cbr40

Eax20

Eax80

Ex3700

Ex3800

Ex6120

Ex6130

Ex7000

Ex7500

Mr60

Ms60

R6900P

R7000

R7000P

R7900

R7900P

R7960P

R8000

R8000P

Rax15

Rax20

Rax200

Rax45

Rax50

Rax75

Rax80

Rbk752

Rbk852

Rbr750

Rbr850

Rbs750

Rbs850

Xr300

PT-2021-5874 · NetGear · Ex6120+32

CVE-2021-45639

Weakness Enumeration

Related Identifiers

Affected Products

References · 4