PT-2021-6185 · NetGear · Netgear R7000+7

Published

2021-12-20

·

Updated

2022-01-05

·

CVE-2021-45674

CVSS v2.0

4.9

Medium

VectorAV:N/AC:M/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions NETGEAR R7000 versions prior to 1.0.11.110 NETGEAR R7900 versions prior to 1.0.4.30 NETGEAR R8000 versions prior to 1.0.4.62 NETGEAR RAX15 versions prior to 1.0.2.82 NETGEAR RAX20 versions prior to 1.0.2.82 NETGEAR RAX200 versions prior to 1.0.3.106 NETGEAR RAX75 versions prior to 1.0.3.106 NETGEAR RAX80 versions prior to 1.0.3.106
Description The issue is related to stored XSS, which affects the confidentiality and integrity of protected information. This occurs due to inadequate protection of the web page structure, allowing a remote attacker to exploit the vulnerability.
Recommendations For NETGEAR R7000 versions prior to 1.0.11.110, update to version 1.0.11.110 or later. For NETGEAR R7900 versions prior to 1.0.4.30, update to version 1.0.4.30 or later. For NETGEAR R8000 versions prior to 1.0.4.62, update to version 1.0.4.62 or later. For NETGEAR RAX15 versions prior to 1.0.2.82, update to version 1.0.2.82 or later. For NETGEAR RAX20 versions prior to 1.0.2.82, update to version 1.0.2.82 or later. For NETGEAR RAX200 versions prior to 1.0.3.106, update to version 1.0.3.106 or later. For NETGEAR RAX75 versions prior to 1.0.3.106, update to version 1.0.3.106 or later. For NETGEAR RAX80 versions prior to 1.0.3.106, update to version 1.0.3.106 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2022-01101
CVE-2021-45674

Affected Products

Netgear R7000
Netgear R7900
Netgear R8000
Netgear Rax15
Netgear Rax20
Netgear Rax200
Netgear Rax75
Netgear Rax80