Stored Cross-Site Scripting Vulnerability in NETGEAR RAX40 Devices
CVE-2021-38533

5.4MEDIUM

Key Information:

Vendor: Netgear
Status: Rax40 Firmware
Vendor: CVE Published:; 11 August 2021

What is CVE-2021-38533?

NETGEAR RAX40 devices running versions prior to 1.0.3.64 exhibit a stored cross-site scripting vulnerability. This flaw allows attackers to inject malicious scripts that could execute when a victim interacts with affected components of the device's interface. As a consequence, user data could be compromised, and unauthorized actions may be performed by attackers. Users are advised to update to the latest firmware version to mitigate this risk.

References

https://kb.netgear.com/000063776/Security-Advisory-for-St...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2021
Vulnerability Reserved
Aug 10, 2021

Netgear

What is CVE-2021-38533?

References

CVSS V3.1

Timeline