CVE-2021-45674

LOW

3.2CVSS v3

3.5CVSS v2

0.27% EPSS (exploit probability)

CWE-79CWE

Description

Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

CVSS v3 vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

Affected routers (3)

Vendor	Model	Matched via	Affected versions	Fixed in	Patch Status
Netgear	Netgear Nighthawk R7000	`—`	versionEndExcluding=1.0.11.110	1.0.11.110	Patched
Netgear	Netgear Nighthawk RAX200	`—`	versionEndExcluding=1.0.3.106	1.0.3.106	Patched
Netgear	Netgear Nighthawk RAX80	`—`	versionEndExcluding=1.0.3.106	1.0.3.106	Patched

External references

NIST NVD
MITRE CVE