CVE-2021-45674
LOWNETGEAR R7000/R7900/R8000/RAX15/RAX20/RAX200/RAX75/RAX80 Firmware - Stored Cross-Site Scripting
Title source: llmDescription
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://kb.netgear.com/000064077/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0017
Scores
CVSS v3
3.2
EPSS
0.0027
EPSS Percentile
50.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (8)
netgear/r7000_firmware
< 1.0.11.110
netgear/r7900_firmware
< 1.0.4.30
netgear/r8000_firmware
< 1.0.4.62
netgear/rax15_firmware
< 1.0.2.82
netgear/rax200_firmware
< 1.0.3.106
netgear/rax20_firmware
< 1.0.2.82
netgear/rax75_firmware
< 1.0.3.106
netgear/rax80_firmware
< 1.0.3.106
Published
Dec 26, 2021
Tracked Since
Feb 18, 2026