4.8
CVE-2018-21209
- EPSS 0.26%
- Published 28.04.2020 16:15:13
- Last modified 21.11.2024 04:03:10
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ Jnr1010 Firmware Version < 1.1.0.46
Netgear ≫ Jr6150 Firmware Version < 1.0.1.10
Netgear ≫ Jwnr2010 Firmware Version < 1.1.0.46
Netgear ≫ Pr2000 Firmware Version < 1.0.0.20
Netgear ≫ R6050 Firmware Version < 1.0.1.10
Netgear ≫ R6220 Firmware Version < 1.1.0.60
Netgear ≫ Wndr3700 Firmware Version < 1.1.0.50
Netgear ≫ Wnr1000 Firmware Version < 1.1.0.46
Netgear ≫ Wnr2020 Firmware Version < 1.1.0.46
Netgear ≫ Wnr2050 Firmware Version < 1.1.0.46
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.463 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
| cve@mitre.org | 4.8 | 1.7 | 2.7 |
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.