5.4
CVE-2021-45673
- EPSS 0.2%
- Published 26.12.2021 01:15:21
- Last modified 21.11.2024 06:32:50
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before 1.0.3.106, R6900P before 1.3.3.140, and RAX75 before 1.0.3.106.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ R7000 Firmware Version < 1.0.11.110
Netgear ≫ R7900 Firmware Version < 1.0.4.30
Netgear ≫ R8000 Firmware Version < 1.0.4.62
Netgear ≫ Rax200 Firmware Version < 1.0.3.106
Netgear ≫ R7000p Firmware Version < 1.3.3.140
Netgear ≫ Rax80 Firmware Version < 1.0.3.106
Netgear ≫ R6900p Firmware Version < 1.3.3.140
Netgear ≫ Rax75 Firmware Version < 1.0.3.106
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.388 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
| cve@mitre.org | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.