PT-2021-6235 · NetGear · Ex6120+27

Aircut

Published

2021-12-21

Updated

2022-01-06

CVE-2021-45667

CVSS v2.0

7.5

High

Vector

AV:N/AC:M/Au:S/C:P/I:C/A:P

Name of the Vulnerable Software and Affected Versions NETGEAR CBR40 versions prior to 2.5.0.10 NETGEAR EAX20 versions prior to 1.0.0.48 NETGEAR EAX80 versions prior to 1.0.1.64 NETGEAR EX6120 versions prior to 1.0.0.64 NETGEAR EX6130 versions prior to 1.0.0.44 NETGEAR EX7500 versions prior to 1.0.0.72 NETGEAR R7960P versions prior to 1.4.1.66 NETGEAR RAX200 versions prior to 1.0.3.106 NETGEAR RBS40V versions prior to 2.6.1.4 NETGEAR RBW30 versions prior to 2.6.1.4 NETGEAR EX3700 versions prior to 1.0.0.90 NETGEAR MR60 versions prior to 1.0.6.110 NETGEAR R8000P versions prior to 1.4.1.66 NETGEAR RAX20 versions prior to 1.0.2.82 NETGEAR RAX45 versions prior to 1.0.2.72 NETGEAR RAX80 versions prior to 1.0.3.106 NETGEAR EX3800 versions prior to 1.0.0.90 NETGEAR MS60 versions prior to 1.0.6.110 NETGEAR R7900P versions prior to 1.4.1.66 NETGEAR RAX15 versions prior to 1.0.2.82 NETGEAR RAX50 versions prior to 1.0.2.72 NETGEAR RAX75 versions prior to 1.0.3.106 NETGEAR RBR750 versions prior to 3.2.16.6 NETGEAR RBR850 versions prior to 3.2.16.6 NETGEAR RBS750 versions prior to 3.2.16.6 NETGEAR RBS850 versions prior to 3.2.16.6 NETGEAR RBK752 versions prior to 3.2.16.6 NETGEAR RBK852 versions prior to 3.2.16.6

Description The issue is caused by a lack of protection for the web page structure, allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. This is a stored XSS issue.

Recommendations Update CBR40 to version 2.5.0.10 or later Update EAX20 to version 1.0.0.48 or later Update EAX80 to version 1.0.1.64 or later Update EX6120 to version 1.0.0.64 or later Update EX6130 to version 1.0.0.44 or later Update EX7500 to version 1.0.0.72 or later Update R7960P to version 1.4.1.66 or later Update RAX200 to version 1.0.3.106 or later Update RBS40V to version 2.6.1.4 or later Update RBW30 to version 2.6.1.4 or later Update EX3700 to version 1.0.0.90 or later Update MR60 to version 1.0.6.110 or later Update R8000P to version 1.4.1.66 or later Update RAX20 to version 1.0.2.82 or later Update RAX45 to version 1.0.2.72 or later Update RAX80 to version 1.0.3.106 or later Update EX3800 to version 1.0.0.90 or later Update MS60 to version 1.0.6.110 or later Update R7900P to version 1.4.1.66 or later Update RAX15 to version 1.0.2.82 or later Update RAX50 to version 1.0.2.72 or later Update RAX75 to version 1.0.3.106 or later Update RBR750 to version 3.2.16.6 or later Update RBR850 to version 3.2.16.6 or later Update RBS750 to version 3.2.16.6 or later Update RBS850 to version 3.2.16.6 or later Update RBK752 to version 3.2.16.6 or later Update RBK852 to version 3.2.16.6 or later

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2022-01160

CVE-2021-45667

Affected Products

Cbr40

Eax20

Eax80

Ex3700

Ex3800

Ex6120

Ex6130

Ex7500

Mr60

Ms60

R7900P

R7960P

R8000P

Rax15

Rax20

Rax200

Rax45

Rax50

Rax75

Rax80

Rbk752

Rbk852

Rbr750

Rbr850

Rbs40V

Rbs750

Rbs850

Rbw30

PT-2021-6235 · NetGear · Ex6120+27

CVE-2021-45667

Weakness Enumeration

Related Identifiers

Affected Products

References · 4