Stored XSS Vulnerability in NETGEAR Routers and WiFi Systems
CVE-2021-45669

3.7LOW

Key Information:

Vendor
Netgear
Status
Rax200 Firmware
Vendor
CVE Published:
26 December 2021

Summary

Certain NETGEAR devices are vulnerable to stored XSS attacks, allowing an attacker to inject malicious scripts into the web interface. This could lead to unauthorized access and manipulation of sensitive user information. Users are advised to update their devices to mitigate this security risk. Affected models include various RAX, RBR, and RBK series routers and WiFi systems.

References

https://kb.netgear.com/000064478/Security-Advisory-for-St...
x_refsource_MISC

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.