6.1

CVE-2021-45639

Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgearCbr40 Firmware Version < 2.5.0.10
   NetgearCbr40 Version-
NetgearEax20 Firmware Version < 1.0.0.32
   NetgearEax20 Version-
NetgearEax80 Firmware Version < 1.0.1.62
   NetgearEax80 Version-
NetgearEx6120 Firmware Version < 1.0.0.64
   NetgearEx6120 Version-
NetgearEx6130 Firmware Version < 1.0.0.44
   NetgearEx6130 Version-
NetgearEx7000 Firmware Version < 1.0.1.104
   NetgearEx7000 Version-
NetgearEx7500 Firmware Version < 1.0.0.72
   NetgearEx7500 Version-
NetgearR7000 Firmware Version < 1.0.11.110
   NetgearR7000 Version-
NetgearR7900 Firmware Version < 1.0.4.30
   NetgearR7900 Version-
NetgearR7960p Firmware Version < 1.4.1.66
   NetgearR7960p Version-
NetgearR8000 Firmware Version < 1.0.4.62
   NetgearR8000 Version-
NetgearRax200 Firmware Version < 1.0.2.102
   NetgearRax200 Version-
NetgearXr300 Firmware Version < 1.0.3.50
   NetgearXr300 Version-
NetgearEx3700 Firmware Version < 1.0.0.90
   NetgearEx3700 Version-
NetgearMr60 Firmware Version < 1.0.5.102
   NetgearMr60 Version-
NetgearR7000p Firmware Version < 1.3.2.126
   NetgearR7000p Version-
NetgearR8000p Firmware Version < 1.4.1.66
   NetgearR8000p Version-
NetgearRax20 Firmware Version < 1.0.1.64
   NetgearRax20 Version-
NetgearRax50 Firmware Version < 1.0.2.28
   NetgearRax50 Version-
NetgearRax80 Firmware Version < 1.0.3.102
   NetgearRax80 Version-
NetgearEx3800 Firmware Version < 1.0.0.90
   NetgearEx3800 Version-
NetgearMs60 Firmware Version < 1.0.5.102
   NetgearMs60 Version-
NetgearR6900p Firmware Version < 1.3.2.126
   NetgearR6900p Version-
NetgearR7900p Firmware Version < 1.4.1.66
   NetgearR7900p Version-
NetgearRax15 Firmware Version < 1.0.1.64
   NetgearRax15 Version-
NetgearRax45 Firmware Version < 1.0.2.28
   NetgearRax45 Version-
NetgearRax75 Firmware Version < 1.0.3.102
   NetgearRax75 Version-
NetgearRbr750 Firmware Version < 3.2.16.6
   NetgearRbr750 Version-
NetgearRbr850 Firmware Version < 3.2.16.6
   NetgearRbr850 Version-
NetgearRbs750 Firmware Version < 3.2.16.6
   NetgearRbs750 Version-
NetgearRbs850 Firmware Version < 3.2.16.6
   NetgearRbs850 Version-
NetgearRbk752 Firmware Version < 3.2.16.6
   NetgearRbk752 Version-
NetgearRbk852 Firmware Version < 3.2.16.6
   NetgearRbk852 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.455
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
cve@mitre.org 5.2 2.1 2.7
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.