Search

Find a vulnerability

Search criteria

    80 vulnerabilities found for ex3800_firmware by netgear

    CVE-2026-9210 (GCVE-0-2026-9210)

    Vulnerability from nvd – Published: 2026-06-09 15:50 – Updated: 2026-06-11 05:38
    VLAI
    Title
    Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router
    Summary
    Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    References
    URL Tags
    https://www.netgear.com/support/product/ex3700/ productpatch
    https://www.netgear.com/support/product/ex3800/ productpatch
    https://www.netgear.com/support/product/ex6120/ productpatch
    https://www.netgear.com/support/product/mr60/ productpatch
    https://www.netgear.com/support/product/ex6130/ productpatch
    https://www.netgear.com/support/product/ms70/ productpatch
    https://www.netgear.com/support/product/ms60/ productpatch
    https://www.netgear.com/support/product/mr80/ productpatch
    https://www.netgear.com/support/product/ms80/ productpatch
    https://www.netgear.com/support/product/mr70/ productpatch
    https://www.netgear.com/support/product/r6400v2/ productpatch
    https://www.netgear.com/support/product/r6700v3/ productpatch
    https://www.netgear.com/support/product/r6900p/ productpatch
    https://www.netgear.com/support/product/r7960p/ productpatch
    https://www.netgear.com/support/product/r7000p/ productpatch
    https://www.netgear.com/support/product/r8000p/ productpatch
    https://www.netgear.com/support/product/r8500/ product
    https://www.netgear.com/support/product/rax48/ productpatch
    https://www.netgear.com/support/product/r7000/ productpatch
    https://www.netgear.com/support/product/rax40v2/ productpatch
    https://www.netgear.com/support/product/rax20/ productpatch
    https://www.netgear.com/support/product/rax35v2/ productpatch
    https://www.netgear.com/support/product/rax41/ productpatch
    https://www.netgear.com/support/product/rax42/ productpatch
    https://www.netgear.com/support/product/rax45/ productpatch
    https://www.netgear.com/support/product/rax50/ productpatch
    https://www.netgear.com/support/product/rax43/ productpatch
    https://www.netgear.com/support/product/rax50s/ productpatch
    https://www.netgear.com/support/product/raxe450/ productpatch
    https://www.netgear.com/support/product/raxe500/ productpatch
    https://www.netgear.com/support/product/xr1000/ productpatch
    https://kb.netgear.com/000070811/June-2026-NETGEA… vendor-advisory
    Impacted products
    Vendor Product Version
    NETGEAR EX3700 Affected: 0 , < V1.0.0.100 (custom)
    Create a notification for this product.
    NETGEAR EX3800 Affected: 0 , < V1.0.0.100 (custom)
    Create a notification for this product.
    NETGEAR EX6120 Affected: 0 , < V1.0.0.72 (custom)
    Create a notification for this product.
    NETGEAR EX6130 Affected: 0 , < V1.0.0.54 (custom)
    Create a notification for this product.
    NETGEAR MR60 Affected: 0 , < V1.1.7.132 (custom)
    Create a notification for this product.
    NETGEAR MR70 Affected: 0 , < V1.0.3.28 (custom)
    Create a notification for this product.
    NETGEAR MR80 Affected: 0 , < V1.1.7.14 (custom)
    Create a notification for this product.
    NETGEAR MS60 Affected: 0 , < V1.1.7.132 (custom)
    Create a notification for this product.
    NETGEAR MS70 Affected: 0 , < V1.0.3.28 (custom)
    Create a notification for this product.
    NETGEAR MS80 Affected: 0 , < V1.1.7.14 (custom)
    Create a notification for this product.
    NETGEAR R6400v2 Affected: 0 , < V1.0.4.128 (custom)
    Create a notification for this product.
    NETGEAR R6700v3 Affected: 0 , < V1.0.4.128 (custom)
    Create a notification for this product.
    NETGEAR R6900P Affected: 0 , < V1.3.3.152 (custom)
    Create a notification for this product.
    NETGEAR R7000 Affected: 0 , < V1.0.11.216 (custom)
    Create a notification for this product.
    NETGEAR R7000P Affected: 0 , < V1.3.3.152 (custom)
    Create a notification for this product.
    NETGEAR R7960P Affected: 0 , < V1.4.4.92 (custom)
    Create a notification for this product.
    NETGEAR R8000P Affected: 0 , < V1.4.4.92 (custom)
    Create a notification for this product.
    NETGEAR R8500 Affected: 0 , ≤ 1.0.2.160 (custom)
    Create a notification for this product.
    NETGEAR RAX20 Affected: 0 , < V1.0.18.144 (custom)
    Create a notification for this product.
    NETGEAR RAX35v2 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX40v2 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX41 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX42 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX43 Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAX45 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX48 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX50 Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAX50S Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAXE450 Affected: 0 , < V1.0.10.86 (custom)
    Create a notification for this product.
    NETGEAR RAXE500 Affected: 0 , < V1.0.10.86 (custom)
    Create a notification for this product.
    NETGEAR XR1000 Affected: 0 , < V1.0.0.68 (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    pjqwudi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T18:03:30.063423Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:39:39.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EX3700",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.100",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EX3800",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.100",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EX6120",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.72",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EX6130",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.54",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR60",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR70",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.3.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR80",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS60",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS70",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.3.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS80",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6400v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.4.128",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.4.128",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6900P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.3.3.152",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.11.216",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7000P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.3.3.152",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7960P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.4.4.92",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R8000P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.4.4.92",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R8500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.2.160",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX20",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.18.144",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX35v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX40v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX41",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX42",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX43",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX45",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX48",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50S",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE450",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.10.86",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.10.86",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XR1000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.68",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex3700:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.100",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex3800:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.100",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex6120:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.72",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex6130:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.54",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:mr60:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.132",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:mr70:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.3.28",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:mr80:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.14",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ms60:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.132",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ms70:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.3.28",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ms80:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.14",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r6400v2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.4.128",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r6700v3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.4.128",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r6900p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.3.3.152",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r7000:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.11.216",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r7000p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.3.3.152",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r7960p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.4.4.92",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r8000p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.4.4.92",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r8500:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax20:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.18.144",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax35v2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax40v2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax41:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax42:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax43:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.120",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax45:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax48:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax50:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.120",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax50s:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.120",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:raxe450:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.10.86",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:raxe500:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.10.86",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:xr1000:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.68",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "pjqwudi"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003eInsufficient input validation vulnerability in the\u0026nbsp;listed NETGEAR models allows\u0026nbsp;authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "Insufficient input validation vulnerability in the\u00a0listed NETGEAR models allows\u00a0authenticated administrators connected to the local network to make unauthorized modification of router software and functionality."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T05:38:03.646Z",
            "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
            "shortName": "NETGEAR"
          },
          "references": [
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex3700/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex3800/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex6120/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr60/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex6130/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms70/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms60/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr80/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms80/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr70/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6400v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6700v3/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6900p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7960p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r8000p/"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.netgear.com/support/product/r8500/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax48/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax40v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax20/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax35v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax41/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax42/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax45/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax43/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50s/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe450/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe500/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/xr1000/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX3700\u003c/b\u003e AC750 WiFi Range Extender Essentials Edition\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex3700/\"\u003eV1.0.0.100\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX3800 (EoS)\u003c/b\u003e AC750 WiFi Range Extender Essentials Edition\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex3800/\"\u003eV1.0.0.100\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX6120\u003c/b\u003e AC1200 Dual Band WiFi Range Extender\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex6120/\"\u003eV1.0.0.72\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX6130\u003c/b\u003e AC1200 WiFi Range Extender\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex6130/\"\u003eV1.0.0.54\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR60\u003c/b\u003e Nighthawk Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr60/\"\u003eV1.1.7.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR70\u003c/b\u003e Nighthawk Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr70/\"\u003eV1.0.3.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR80\u003c/b\u003e Nighthawk Tri-band Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr80/\"\u003eV1.1.7.14\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS60\u003c/b\u003e Nighthawk Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms60/\"\u003eV1.1.7.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS70\u003c/b\u003e Nighthawk Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms70/\"\u003eV1.0.3.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS80\u003c/b\u003e Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms80/\"\u003eV1.1.7.14\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6400v2 (EoS)\u003c/b\u003e AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6400v2/\"\u003eV1.0.4.128\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6700v3 (EoS)\u003c/b\u003e Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6700v3/\"\u003eV1.0.4.128\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6900P (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6900p/\"\u003eV1.3.3.152\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000 (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000/\"\u003eV1.0.11.216\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000P (EoS)\u003c/b\u003e Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000p/\"\u003eV1.3.3.152\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7960P (EoS)\u003c/b\u003e Nighthawk X6S AC3600 Tri-Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7960p/\"\u003eV1.4.4.92\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR8000P (EoS)\u003c/b\u003e Nighthawk X6S AC4000 Tri Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r8000p/\"\u003eV1.4.4.92\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR8500 (EoS)\u003c/b\u003e Nighthawk X8 AC5300 Smart WiFi Router\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX20 (EoS)\u003c/b\u003e 4-Stream AX1800 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax20/\"\u003eV1.0.18.144\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX35v2\u003c/b\u003e Nighthawk AX4 4-Stream AX3000 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax35v2/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX40v2\u003c/b\u003e Nighthawk AX4 4-Stream WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax40v2/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX41 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX3600 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax41/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX42 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax42/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX43 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax43/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX45 (EoS)\u003c/b\u003e Nighthawk AX6 6-Stream AX4300 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax45/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX48\u003c/b\u003e Nighthawk AX6 6-Stream AX5200 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax48/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50S\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50s/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE450\u003c/b\u003e Nighthawk AXE10000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe450/\"\u003eV1.0.10.86\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE500\u003c/b\u003e Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe500/\"\u003eV1.0.10.86\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eXR1000\u003c/b\u003e Nighthawk WiFi 6 Pro Gaming Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/xr1000/\"\u003eV1.0.0.68\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.\u003c/p\u003e"
                }
              ],
              "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionEX3700 AC750 WiFi Range Extender Essentials Edition V1.0.0.100 https://www.netgear.com/support/product/ex3700/ EX3800 (EoS) AC750 WiFi Range Extender Essentials Edition V1.0.0.100 https://www.netgear.com/support/product/ex3800/ EX6120 AC1200 Dual Band WiFi Range Extender V1.0.0.72 https://www.netgear.com/support/product/ex6120/ EX6130 AC1200 WiFi Range Extender V1.0.0.54 https://www.netgear.com/support/product/ex6130/ MR60 Nighthawk Mesh WiFi 6 Router V1.1.7.132 https://www.netgear.com/support/product/mr60/ MR70 Nighthawk Mesh WiFi 6 Router V1.0.3.28 https://www.netgear.com/support/product/mr70/ MR80 Nighthawk Tri-band Mesh WiFi 6 Router V1.1.7.14 https://www.netgear.com/support/product/mr80/ MS60 Nighthawk Mesh WiFi 6 Add-on Satellite V1.1.7.132 https://www.netgear.com/support/product/ms60/ MS70 Nighthawk Mesh WiFi 6 Add-on Satellite V1.0.3.28 https://www.netgear.com/support/product/ms70/ MS80 Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite V1.1.7.14 https://www.netgear.com/support/product/ms80/ R6400v2 (EoS) AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit V1.0.4.128 https://www.netgear.com/support/product/r6400v2/ R6700v3 (EoS) Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router V1.0.4.128 https://www.netgear.com/support/product/r6700v3/ R6900P (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r6900p/ R7000 (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.216 https://www.netgear.com/support/product/r7000/ R7000P (EoS) Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r7000p/ R7960P (EoS) Nighthawk X6S AC3600 Tri-Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r7960p/ R8000P (EoS) Nighthawk X6S AC4000 Tri Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r8000p/ R8500 (EoS) Nighthawk X8 AC5300 Smart WiFi RouterEOSRAX20 (EoS) 4-Stream AX1800 WiFi 6 Router V1.0.18.144 https://www.netgear.com/support/product/rax20/ RAX35v2 Nighthawk AX4 4-Stream AX3000 WiFi 6 Router V1.0.12.118 https://www.netgear.com/support/product/rax35v2/ RAX40v2 Nighthawk AX4 4-Stream WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax40v2/ RAX41 (EoS) Nighthawk AX5 5-Stream AX3600 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax41/ RAX42 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax42/ RAX43 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.120 https://www.netgear.com/support/product/rax43/ RAX45 (EoS) Nighthawk AX6 6-Stream AX4300 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax45/ RAX48 Nighthawk AX6 6-Stream AX5200 WiFi 6 Router V1.0.12.118 https://www.netgear.com/support/product/rax48/ RAX50 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50/ RAX50S Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50s/ RAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe500/ XR1000 Nighthawk WiFi 6 Pro Gaming Router V1.0.0.68 https://www.netgear.com/support/product/xr1000/ \n\nModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router",
          "x_generator": {
            "engine": "Vulnogram 1.0.3"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "assignerShortName": "NETGEAR",
        "cveId": "CVE-2026-9210",
        "datePublished": "2026-06-09T15:50:48.947Z",
        "dateReserved": "2026-05-21T17:29:00.866Z",
        "dateUpdated": "2026-06-11T05:38:03.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-34983 (GCVE-0-2021-34983)

    Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
    VLAI
    Title
    NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability
    Summary
    NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    NETGEAR Multiple Routers Affected: V1.0.11.116_10.2.100
    Create a notification for this product.
    Date Public
    2021-10-29 13:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T15:08:46.169063Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T18:38:20.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:26:55.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-21-1275",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Multiple Routers",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.0.11.116_10.2.100"
                }
              ]
            }
          ],
          "dateAssigned": "2021-06-30T13:56:51.720Z",
          "datePublic": "2021-10-29T13:54:16.924Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T22:54:51.052Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-21-1275",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Sungur Labs"
          },
          "title": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2021-34983",
        "datePublished": "2024-05-07T22:54:51.052Z",
        "dateReserved": "2021-06-17T19:27:05.662Z",
        "dateUpdated": "2024-08-04T00:26:55.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34982 (GCVE-0-2021-34982)

    Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
    VLAI
    Title
    NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    NETGEAR Multiple Routers Affected: V1.0.11.116_10.2.100
    Create a notification for this product.
    netgear multiple_router_firmware Affected: 1.0.11.116_10.0.100
        cpe:2.3:o:netgear:multiple_router_firmware:1.0.11.116_10.0.100:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2021-10-29 13:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:netgear:multiple_router_firmware:1.0.11.116_10.0.100:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "multiple_router_firmware",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.11.116_10.0.100"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34982",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T14:52:41.415481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:45.927Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:26:55.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-21-1274",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Multiple Routers",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.0.11.116_10.2.100"
                }
              ]
            }
          ],
          "dateAssigned": "2021-06-30T13:56:51.718Z",
          "datePublic": "2021-10-29T13:54:08.659Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\n\n\n\n. Was ZDI-CAN-13709."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T22:54:50.139Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-21-1274",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Sungur Labs"
          },
          "title": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2021-34982",
        "datePublished": "2024-05-07T22:54:50.139Z",
        "dateReserved": "2021-06-17T19:27:05.662Z",
        "dateUpdated": "2024-08-04T00:26:55.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27643 (GCVE-0-2022-27643)

    Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 17:49
    VLAI
    Summary
    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    zdi
    Impacted products
    Vendor Product Version
    NETGEAR R6700v3 Affected: 1.0.4.120_10.0.91
    Create a notification for this product.
    Credits
    Stephen Fewer of Relyze Software Limited (www.relyze.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.967Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-519/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27643",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-18T17:49:08.208403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T17:49:16.374Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.120_10.0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Stephen Fewer of Relyze Software Limited (www.relyze.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-29T00:00:00.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-519/"
            },
            {
              "url": "https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2022-27643",
        "datePublished": "2023-03-29T00:00:00.000Z",
        "dateReserved": "2022-03-22T00:00:00.000Z",
        "dateUpdated": "2025-02-18T17:49:16.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45670 (GCVE-0-2021-45670)

    Vulnerability from nvd – Published: 2021-12-26 00:25 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R6900P before 1.3.2.126, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.773Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064480/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0255"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R6900P before 1.3.2.126, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:25:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064480/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0255"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45670",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R6900P before 1.3.2.126, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064480/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0255",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064480/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0255"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45670",
        "datePublished": "2021-12-26T00:25:17.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45668 (GCVE-0-2021-45668)

    Vulnerability from nvd – Published: 2021-12-26 00:25 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064122/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2020-0257"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:25:40.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064122/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2020-0257"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064122/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2020-0257",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064122/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2020-0257"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45668",
        "datePublished": "2021-12-26T00:25:40.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45667 (GCVE-0-2021-45667)

    Vulnerability from nvd – Published: 2021-12-26 00:25 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.865Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064481/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0256"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:25:53.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064481/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0256"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45667",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064481/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0256",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064481/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0256"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45667",
        "datePublished": "2021-12-26T00:25:53.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45666 (GCVE-0-2021-45666)

    Vulnerability from nvd – Published: 2021-12-26 00:26 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064121/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0254"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:26:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064121/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0254"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45666",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064121/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0254",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064121/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0254"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45666",
        "datePublished": "2021-12-26T00:26:06.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45665 (GCVE-0-2021-45665)

    Vulnerability from nvd – Published: 2021-12-26 00:26 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064120/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0247"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:26:16.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064120/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0247"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45665",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064120/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0247",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064120/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0247"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45665",
        "datePublished": "2021-12-26T00:26:16.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45641 (GCVE-0-2021-45641)

    Vulnerability from nvd – Published: 2021-12-26 00:30 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.6, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.56.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064053/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0624"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.6, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.56."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:L/S:U/UI:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:30:55.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064053/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0624"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.6, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.56."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "availabilityImpact": "NONE",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:L/S:U/UI:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064053/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0624",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064053/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0624"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45641",
        "datePublished": "2021-12-26T00:30:55.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45640 (GCVE-0-2021-45640)

    Vulnerability from nvd – Published: 2021-12-26 00:31 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:L/PR:H/S:U/UI:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:31:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45640",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:L/PR:H/S:U/UI:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45640",
        "datePublished": "2021-12-26T00:31:04.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45639 (GCVE-0-2021-45639)

    Vulnerability from nvd – Published: 2021-12-26 00:31 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.688Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064460/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0121"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:31:15.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064460/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0121"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "availabilityImpact": "NONE",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064460/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0121",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064460/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0121"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45639",
        "datePublished": "2021-12-26T00:31:15.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45621 (GCVE-0-2021-45621)

    Vulnerability from nvd – Published: 2021-12-26 00:34 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.926Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:34:50.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45621",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "availabilityImpact": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45621",
        "datePublished": "2021-12-26T00:34:50.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45533 (GCVE-0-2021-45533)

    Vulnerability from nvd – Published: 2021-12-26 00:55 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:21.495Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064458/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0062"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:55:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064458/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0062"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "availabilityImpact": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064458/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0062",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064458/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0062"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45533",
        "datePublished": "2021-12-26T00:55:13.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:21.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45512 (GCVE-0-2021-45512)

    Vulnerability from nvd – Published: 2021-12-26 01:01 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:21.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064117/Security-Advisory-for-Broken-Cryptography-on-Some-Routers-and-Extenders-PSV-2020-0134"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T01:01:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064117/Security-Advisory-for-Broken-Cryptography-on-Some-Routers-and-Extenders-PSV-2020-0134"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45512",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064117/Security-Advisory-for-Broken-Cryptography-on-Some-Routers-and-Extenders-PSV-2020-0134",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064117/Security-Advisory-for-Broken-Cryptography-on-Some-Routers-and-Extenders-PSV-2020-0134"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45512",
        "datePublished": "2021-12-26T01:01:17.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:21.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-9210 (GCVE-0-2026-9210)

    Vulnerability from cvelistv5 – Published: 2026-06-09 15:50 – Updated: 2026-06-11 05:38
    VLAI
    Title
    Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router
    Summary
    Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    References
    URL Tags
    https://www.netgear.com/support/product/ex3700/ productpatch
    https://www.netgear.com/support/product/ex3800/ productpatch
    https://www.netgear.com/support/product/ex6120/ productpatch
    https://www.netgear.com/support/product/mr60/ productpatch
    https://www.netgear.com/support/product/ex6130/ productpatch
    https://www.netgear.com/support/product/ms70/ productpatch
    https://www.netgear.com/support/product/ms60/ productpatch
    https://www.netgear.com/support/product/mr80/ productpatch
    https://www.netgear.com/support/product/ms80/ productpatch
    https://www.netgear.com/support/product/mr70/ productpatch
    https://www.netgear.com/support/product/r6400v2/ productpatch
    https://www.netgear.com/support/product/r6700v3/ productpatch
    https://www.netgear.com/support/product/r6900p/ productpatch
    https://www.netgear.com/support/product/r7960p/ productpatch
    https://www.netgear.com/support/product/r7000p/ productpatch
    https://www.netgear.com/support/product/r8000p/ productpatch
    https://www.netgear.com/support/product/r8500/ product
    https://www.netgear.com/support/product/rax48/ productpatch
    https://www.netgear.com/support/product/r7000/ productpatch
    https://www.netgear.com/support/product/rax40v2/ productpatch
    https://www.netgear.com/support/product/rax20/ productpatch
    https://www.netgear.com/support/product/rax35v2/ productpatch
    https://www.netgear.com/support/product/rax41/ productpatch
    https://www.netgear.com/support/product/rax42/ productpatch
    https://www.netgear.com/support/product/rax45/ productpatch
    https://www.netgear.com/support/product/rax50/ productpatch
    https://www.netgear.com/support/product/rax43/ productpatch
    https://www.netgear.com/support/product/rax50s/ productpatch
    https://www.netgear.com/support/product/raxe450/ productpatch
    https://www.netgear.com/support/product/raxe500/ productpatch
    https://www.netgear.com/support/product/xr1000/ productpatch
    https://kb.netgear.com/000070811/June-2026-NETGEA… vendor-advisory
    Impacted products
    Vendor Product Version
    NETGEAR EX3700 Affected: 0 , < V1.0.0.100 (custom)
    Create a notification for this product.
    NETGEAR EX3800 Affected: 0 , < V1.0.0.100 (custom)
    Create a notification for this product.
    NETGEAR EX6120 Affected: 0 , < V1.0.0.72 (custom)
    Create a notification for this product.
    NETGEAR EX6130 Affected: 0 , < V1.0.0.54 (custom)
    Create a notification for this product.
    NETGEAR MR60 Affected: 0 , < V1.1.7.132 (custom)
    Create a notification for this product.
    NETGEAR MR70 Affected: 0 , < V1.0.3.28 (custom)
    Create a notification for this product.
    NETGEAR MR80 Affected: 0 , < V1.1.7.14 (custom)
    Create a notification for this product.
    NETGEAR MS60 Affected: 0 , < V1.1.7.132 (custom)
    Create a notification for this product.
    NETGEAR MS70 Affected: 0 , < V1.0.3.28 (custom)
    Create a notification for this product.
    NETGEAR MS80 Affected: 0 , < V1.1.7.14 (custom)
    Create a notification for this product.
    NETGEAR R6400v2 Affected: 0 , < V1.0.4.128 (custom)
    Create a notification for this product.
    NETGEAR R6700v3 Affected: 0 , < V1.0.4.128 (custom)
    Create a notification for this product.
    NETGEAR R6900P Affected: 0 , < V1.3.3.152 (custom)
    Create a notification for this product.
    NETGEAR R7000 Affected: 0 , < V1.0.11.216 (custom)
    Create a notification for this product.
    NETGEAR R7000P Affected: 0 , < V1.3.3.152 (custom)
    Create a notification for this product.
    NETGEAR R7960P Affected: 0 , < V1.4.4.92 (custom)
    Create a notification for this product.
    NETGEAR R8000P Affected: 0 , < V1.4.4.92 (custom)
    Create a notification for this product.
    NETGEAR R8500 Affected: 0 , ≤ 1.0.2.160 (custom)
    Create a notification for this product.
    NETGEAR RAX20 Affected: 0 , < V1.0.18.144 (custom)
    Create a notification for this product.
    NETGEAR RAX35v2 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX40v2 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX41 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX42 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX43 Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAX45 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX48 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX50 Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAX50S Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAXE450 Affected: 0 , < V1.0.10.86 (custom)
    Create a notification for this product.
    NETGEAR RAXE500 Affected: 0 , < V1.0.10.86 (custom)
    Create a notification for this product.
    NETGEAR XR1000 Affected: 0 , < V1.0.0.68 (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    pjqwudi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T18:03:30.063423Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:39:39.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EX3700",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.100",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EX3800",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.100",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EX6120",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.72",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EX6130",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.54",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR60",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR70",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.3.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR80",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS60",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS70",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.3.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS80",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6400v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.4.128",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.4.128",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6900P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.3.3.152",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.11.216",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7000P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.3.3.152",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7960P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.4.4.92",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R8000P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.4.4.92",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R8500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.2.160",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX20",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.18.144",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX35v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX40v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX41",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX42",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX43",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX45",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX48",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50S",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE450",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.10.86",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.10.86",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XR1000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.68",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex3700:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.100",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex3800:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.100",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex6120:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.72",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex6130:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.54",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:mr60:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.132",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:mr70:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.3.28",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:mr80:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.14",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ms60:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.132",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ms70:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.3.28",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ms80:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.14",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r6400v2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.4.128",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r6700v3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.4.128",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r6900p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.3.3.152",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r7000:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.11.216",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r7000p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.3.3.152",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r7960p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.4.4.92",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r8000p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.4.4.92",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r8500:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax20:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.18.144",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax35v2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax40v2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax41:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax42:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax43:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.120",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax45:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax48:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax50:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.120",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax50s:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.120",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:raxe450:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.10.86",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:raxe500:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.10.86",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:xr1000:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.68",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "pjqwudi"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003eInsufficient input validation vulnerability in the\u0026nbsp;listed NETGEAR models allows\u0026nbsp;authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "Insufficient input validation vulnerability in the\u00a0listed NETGEAR models allows\u00a0authenticated administrators connected to the local network to make unauthorized modification of router software and functionality."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T05:38:03.646Z",
            "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
            "shortName": "NETGEAR"
          },
          "references": [
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex3700/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex3800/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex6120/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr60/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex6130/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms70/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms60/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr80/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms80/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr70/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6400v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6700v3/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6900p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7960p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r8000p/"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.netgear.com/support/product/r8500/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax48/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax40v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax20/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax35v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax41/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax42/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax45/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax43/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50s/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe450/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe500/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/xr1000/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX3700\u003c/b\u003e AC750 WiFi Range Extender Essentials Edition\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex3700/\"\u003eV1.0.0.100\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX3800 (EoS)\u003c/b\u003e AC750 WiFi Range Extender Essentials Edition\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex3800/\"\u003eV1.0.0.100\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX6120\u003c/b\u003e AC1200 Dual Band WiFi Range Extender\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex6120/\"\u003eV1.0.0.72\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX6130\u003c/b\u003e AC1200 WiFi Range Extender\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex6130/\"\u003eV1.0.0.54\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR60\u003c/b\u003e Nighthawk Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr60/\"\u003eV1.1.7.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR70\u003c/b\u003e Nighthawk Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr70/\"\u003eV1.0.3.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR80\u003c/b\u003e Nighthawk Tri-band Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr80/\"\u003eV1.1.7.14\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS60\u003c/b\u003e Nighthawk Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms60/\"\u003eV1.1.7.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS70\u003c/b\u003e Nighthawk Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms70/\"\u003eV1.0.3.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS80\u003c/b\u003e Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms80/\"\u003eV1.1.7.14\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6400v2 (EoS)\u003c/b\u003e AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6400v2/\"\u003eV1.0.4.128\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6700v3 (EoS)\u003c/b\u003e Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6700v3/\"\u003eV1.0.4.128\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6900P (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6900p/\"\u003eV1.3.3.152\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000 (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000/\"\u003eV1.0.11.216\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000P (EoS)\u003c/b\u003e Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000p/\"\u003eV1.3.3.152\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7960P (EoS)\u003c/b\u003e Nighthawk X6S AC3600 Tri-Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7960p/\"\u003eV1.4.4.92\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR8000P (EoS)\u003c/b\u003e Nighthawk X6S AC4000 Tri Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r8000p/\"\u003eV1.4.4.92\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR8500 (EoS)\u003c/b\u003e Nighthawk X8 AC5300 Smart WiFi Router\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX20 (EoS)\u003c/b\u003e 4-Stream AX1800 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax20/\"\u003eV1.0.18.144\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX35v2\u003c/b\u003e Nighthawk AX4 4-Stream AX3000 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax35v2/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX40v2\u003c/b\u003e Nighthawk AX4 4-Stream WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax40v2/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX41 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX3600 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax41/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX42 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax42/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX43 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax43/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX45 (EoS)\u003c/b\u003e Nighthawk AX6 6-Stream AX4300 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax45/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX48\u003c/b\u003e Nighthawk AX6 6-Stream AX5200 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax48/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50S\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50s/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE450\u003c/b\u003e Nighthawk AXE10000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe450/\"\u003eV1.0.10.86\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE500\u003c/b\u003e Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe500/\"\u003eV1.0.10.86\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eXR1000\u003c/b\u003e Nighthawk WiFi 6 Pro Gaming Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/xr1000/\"\u003eV1.0.0.68\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.\u003c/p\u003e"
                }
              ],
              "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionEX3700 AC750 WiFi Range Extender Essentials Edition V1.0.0.100 https://www.netgear.com/support/product/ex3700/ EX3800 (EoS) AC750 WiFi Range Extender Essentials Edition V1.0.0.100 https://www.netgear.com/support/product/ex3800/ EX6120 AC1200 Dual Band WiFi Range Extender V1.0.0.72 https://www.netgear.com/support/product/ex6120/ EX6130 AC1200 WiFi Range Extender V1.0.0.54 https://www.netgear.com/support/product/ex6130/ MR60 Nighthawk Mesh WiFi 6 Router V1.1.7.132 https://www.netgear.com/support/product/mr60/ MR70 Nighthawk Mesh WiFi 6 Router V1.0.3.28 https://www.netgear.com/support/product/mr70/ MR80 Nighthawk Tri-band Mesh WiFi 6 Router V1.1.7.14 https://www.netgear.com/support/product/mr80/ MS60 Nighthawk Mesh WiFi 6 Add-on Satellite V1.1.7.132 https://www.netgear.com/support/product/ms60/ MS70 Nighthawk Mesh WiFi 6 Add-on Satellite V1.0.3.28 https://www.netgear.com/support/product/ms70/ MS80 Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite V1.1.7.14 https://www.netgear.com/support/product/ms80/ R6400v2 (EoS) AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit V1.0.4.128 https://www.netgear.com/support/product/r6400v2/ R6700v3 (EoS) Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router V1.0.4.128 https://www.netgear.com/support/product/r6700v3/ R6900P (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r6900p/ R7000 (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.216 https://www.netgear.com/support/product/r7000/ R7000P (EoS) Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r7000p/ R7960P (EoS) Nighthawk X6S AC3600 Tri-Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r7960p/ R8000P (EoS) Nighthawk X6S AC4000 Tri Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r8000p/ R8500 (EoS) Nighthawk X8 AC5300 Smart WiFi RouterEOSRAX20 (EoS) 4-Stream AX1800 WiFi 6 Router V1.0.18.144 https://www.netgear.com/support/product/rax20/ RAX35v2 Nighthawk AX4 4-Stream AX3000 WiFi 6 Router V1.0.12.118 https://www.netgear.com/support/product/rax35v2/ RAX40v2 Nighthawk AX4 4-Stream WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax40v2/ RAX41 (EoS) Nighthawk AX5 5-Stream AX3600 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax41/ RAX42 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax42/ RAX43 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.120 https://www.netgear.com/support/product/rax43/ RAX45 (EoS) Nighthawk AX6 6-Stream AX4300 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax45/ RAX48 Nighthawk AX6 6-Stream AX5200 WiFi 6 Router V1.0.12.118 https://www.netgear.com/support/product/rax48/ RAX50 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50/ RAX50S Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50s/ RAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe500/ XR1000 Nighthawk WiFi 6 Pro Gaming Router V1.0.0.68 https://www.netgear.com/support/product/xr1000/ \n\nModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router",
          "x_generator": {
            "engine": "Vulnogram 1.0.3"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "assignerShortName": "NETGEAR",
        "cveId": "CVE-2026-9210",
        "datePublished": "2026-06-09T15:50:48.947Z",
        "dateReserved": "2026-05-21T17:29:00.866Z",
        "dateUpdated": "2026-06-11T05:38:03.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-34983 (GCVE-0-2021-34983)

    Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
    VLAI
    Title
    NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability
    Summary
    NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    NETGEAR Multiple Routers Affected: V1.0.11.116_10.2.100
    Create a notification for this product.
    Date Public
    2021-10-29 13:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T15:08:46.169063Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T18:38:20.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:26:55.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-21-1275",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Multiple Routers",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.0.11.116_10.2.100"
                }
              ]
            }
          ],
          "dateAssigned": "2021-06-30T13:56:51.720Z",
          "datePublic": "2021-10-29T13:54:16.924Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T22:54:51.052Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-21-1275",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Sungur Labs"
          },
          "title": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2021-34983",
        "datePublished": "2024-05-07T22:54:51.052Z",
        "dateReserved": "2021-06-17T19:27:05.662Z",
        "dateUpdated": "2024-08-04T00:26:55.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34982 (GCVE-0-2021-34982)

    Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
    VLAI
    Title
    NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    NETGEAR Multiple Routers Affected: V1.0.11.116_10.2.100
    Create a notification for this product.
    netgear multiple_router_firmware Affected: 1.0.11.116_10.0.100
        cpe:2.3:o:netgear:multiple_router_firmware:1.0.11.116_10.0.100:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2021-10-29 13:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:netgear:multiple_router_firmware:1.0.11.116_10.0.100:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "multiple_router_firmware",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.11.116_10.0.100"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34982",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T14:52:41.415481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:45.927Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:26:55.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-21-1274",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Multiple Routers",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.0.11.116_10.2.100"
                }
              ]
            }
          ],
          "dateAssigned": "2021-06-30T13:56:51.718Z",
          "datePublic": "2021-10-29T13:54:08.659Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\n\n\n\n. Was ZDI-CAN-13709."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T22:54:50.139Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-21-1274",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Sungur Labs"
          },
          "title": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2021-34982",
        "datePublished": "2024-05-07T22:54:50.139Z",
        "dateReserved": "2021-06-17T19:27:05.662Z",
        "dateUpdated": "2024-08-04T00:26:55.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27643 (GCVE-0-2022-27643)

    Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 17:49
    VLAI
    Summary
    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    zdi
    Impacted products
    Vendor Product Version
    NETGEAR R6700v3 Affected: 1.0.4.120_10.0.91
    Create a notification for this product.
    Credits
    Stephen Fewer of Relyze Software Limited (www.relyze.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.967Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-519/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27643",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-18T17:49:08.208403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T17:49:16.374Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.120_10.0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Stephen Fewer of Relyze Software Limited (www.relyze.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-29T00:00:00.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-519/"
            },
            {
              "url": "https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2022-27643",
        "datePublished": "2023-03-29T00:00:00.000Z",
        "dateReserved": "2022-03-22T00:00:00.000Z",
        "dateUpdated": "2025-02-18T17:49:16.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45512 (GCVE-0-2021-45512)

    Vulnerability from cvelistv5 – Published: 2021-12-26 01:01 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:21.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064117/Security-Advisory-for-Broken-Cryptography-on-Some-Routers-and-Extenders-PSV-2020-0134"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T01:01:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064117/Security-Advisory-for-Broken-Cryptography-on-Some-Routers-and-Extenders-PSV-2020-0134"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45512",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064117/Security-Advisory-for-Broken-Cryptography-on-Some-Routers-and-Extenders-PSV-2020-0134",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064117/Security-Advisory-for-Broken-Cryptography-on-Some-Routers-and-Extenders-PSV-2020-0134"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45512",
        "datePublished": "2021-12-26T01:01:17.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:21.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45533 (GCVE-0-2021-45533)

    Vulnerability from cvelistv5 – Published: 2021-12-26 00:55 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:21.495Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064458/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0062"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:55:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064458/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0062"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "availabilityImpact": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064458/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0062",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064458/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0062"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45533",
        "datePublished": "2021-12-26T00:55:13.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:21.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45621 (GCVE-0-2021-45621)

    Vulnerability from cvelistv5 – Published: 2021-12-26 00:34 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.926Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:34:50.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45621",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "availabilityImpact": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:N/S:C/UI:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45621",
        "datePublished": "2021-12-26T00:34:50.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45639 (GCVE-0-2021-45639)

    Vulnerability from cvelistv5 – Published: 2021-12-26 00:31 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.688Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064460/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0121"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:31:15.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064460/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0121"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "availabilityImpact": "NONE",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:C/UI:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064460/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0121",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064460/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0121"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45639",
        "datePublished": "2021-12-26T00:31:15.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45640 (GCVE-0-2021-45640)

    Vulnerability from cvelistv5 – Published: 2021-12-26 00:31 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:L/PR:H/S:U/UI:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:31:04.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45640",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:L/PR:H/S:U/UI:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064045/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0228"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45640",
        "datePublished": "2021-12-26T00:31:04.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45641 (GCVE-0-2021-45641)

    Vulnerability from cvelistv5 – Published: 2021-12-26 00:30 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.6, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.56.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064053/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0624"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.6, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.56."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:L/S:U/UI:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:30:55.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064053/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0624"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.6, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.56."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "availabilityImpact": "NONE",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:L/S:U/UI:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064053/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0624",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064053/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2018-0624"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45641",
        "datePublished": "2021-12-26T00:30:55.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45665 (GCVE-0-2021-45665)

    Vulnerability from cvelistv5 – Published: 2021-12-26 00:26 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064120/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0247"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:26:16.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064120/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0247"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45665",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064120/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0247",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064120/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0247"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45665",
        "datePublished": "2021-12-26T00:26:16.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45666 (GCVE-0-2021-45666)

    Vulnerability from cvelistv5 – Published: 2021-12-26 00:26 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064121/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0254"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:26:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064121/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0254"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45666",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064121/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0254",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064121/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0254"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45666",
        "datePublished": "2021-12-26T00:26:06.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45667 (GCVE-0-2021-45667)

    Vulnerability from cvelistv5 – Published: 2021-12-26 00:25 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.865Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064481/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0256"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:25:53.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064481/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0256"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45667",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064481/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0256",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064481/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0256"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45667",
        "datePublished": "2021-12-26T00:25:53.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45668 (GCVE-0-2021-45668)

    Vulnerability from cvelistv5 – Published: 2021-12-26 00:25 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064122/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2020-0257"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:25:40.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064122/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2020-0257"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064122/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2020-0257",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064122/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2020-0257"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45668",
        "datePublished": "2021-12-26T00:25:40.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45670 (GCVE-0-2021-45670)

    Vulnerability from cvelistv5 – Published: 2021-12-26 00:25 – Updated: 2024-08-04 04:47
    VLAI
    Summary
    Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R6900P before 1.3.2.126, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:47:01.773Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064480/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0255"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R6900P before 1.3.2.126, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-26T00:25:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.netgear.com/000064480/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0255"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45670",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R6900P before 1.3.2.126, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AC:H/AV:A/A:L/C:L/I:H/PR:H/S:C/UI:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.netgear.com/000064480/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0255",
                  "refsource": "MISC",
                  "url": "https://kb.netgear.com/000064480/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0255"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45670",
        "datePublished": "2021-12-26T00:25:17.000Z",
        "dateReserved": "2021-12-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:47:01.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }