Stored Cross-Site Scripting Vulnerability in NETGEAR Routers
CVE-2021-45673

4.8MEDIUM

Key Information:

Vendor
Netgear
Status
R7000 Firmware
Vendor
CVE Published:
26 December 2021

Summary

An issue has been identified in certain NETGEAR routers that allows for stored cross-site scripting (XSS) attacks. This vulnerability enables an attacker to inject malicious scripts into web pages that are then displayed to other users. Affected models include R7000, R7900, R8000, RAX200, R7000P, RAX80, R6900P, and RAX75, all of which require updates to mitigate this risk. Users are advised to upgrade their devices to the latest firmware versions to protect against potential exploitation.

References

https://kb.netgear.com/000064456/Security-Advisory-for-St...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.