4.8
CVE-2021-45674
- EPSS 0.46%
- Published 26.12.2021 01:15:21
- Last modified 21.11.2024 06:32:51
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ R7000 Firmware Version < 1.0.11.110
Netgear ≫ R7900 Firmware Version < 1.0.4.30
Netgear ≫ R8000 Firmware Version < 1.0.4.62
Netgear ≫ Rax15 Firmware Version < 1.0.2.82
Netgear ≫ Rax20 Firmware Version < 1.0.2.82
Netgear ≫ Rax200 Firmware Version < 1.0.3.106
Netgear ≫ Rax75 Firmware Version < 1.0.3.106
Netgear ≫ Rax80 Firmware Version < 1.0.3.106
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.609 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
| cve@mitre.org | 3.2 | 0.2 | 2.7 |
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.