CVE-2021-45676 — MEDIUM (4.3)

Q: What is CVE-2021-45676?

CVE-2021-45676 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.

Q: How severe is CVE-2021-45676?

CVE-2021-45676 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-45676?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Rax200 Firmware, Netgear Rax200, Netgear Rax20 Firmware, Netgear Rax20, Netgear Rax80 Firmware.

Vulnerability Description

Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Netgear	Rax200 Firmware	< 1.0.5.126
Netgear	Rax200	-
Netgear	Rax20 Firmware	< 1.0.2.82
Netgear	Rax20	-
Netgear	Rax80 Firmware	< 1.0.5.126
Netgear	Rax80	-
Netgear	Rax15 Firmware	< 1.0.2.82
Netgear	Rax15	-
Netgear	Rax75 Firmware	< 1.0.5.126
Netgear	Rax75	-

Related Weaknesses (CWE)

CWE-79

References

https://kb.netgear.com/000064462/Security-Advisory-for-Stored-Cross-Site-ScriptiPatchVendor Advisory
https://kb.netgear.com/000064462/Security-Advisory-for-Stored-Cross-Site-ScriptiPatchVendor Advisory

FAQ

What is CVE-2021-45676?

CVE-2021-45676 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.

How severe is CVE-2021-45676?

CVE-2021-45676 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-45676?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Rax200 Firmware, Netgear Rax200, Netgear Rax20 Firmware, Netgear Rax20, Netgear Rax80 Firmware.