CVE-2021-38534 : Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 bef

Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.60, D6200 before 1.1.00.36, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.62, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6700v3 before 1.0.2.62, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7450 before 1.2.0.36, R7900 before 1.0.3.8, R7900P before 1.4.1.50, R8000 before 1.0.4.28, R8000P before 1.4.1.50, R8300 before 1.0.2.130, R8500 before 1.0.2.130, WNDR3400v3 before 1.0.1.24, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.40, and XR500 before 2.3.2.40.

Published 2021-08-11 00:17:22

Updated 2021-08-19 17:59:26

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2021-38534

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 21 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-38534

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
4.1	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L	0.7	3.4	MITRE
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
4.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	1.7	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2021-38534

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-38534

https://kb.netgear.com/000063758/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2018-0244

Security Advisory for Stored Cross Site Scripting on Some Routers and Gateways, PSV-2018-0244 | Answer | NETGEAR Support
Vendor Advisory

Products affected by CVE-2021-38534

Netgear » D3600 Firmware
Versions before (<) 1.0.0.76
cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D3600 » Version: N/A
Netgear » D6000 Firmware
Versions before (<) 1.0.0.76
cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D6000 » Version: N/A
Netgear » R6400 Firmware
Versions before (<) 1.0.2.62
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6400 » Version: V2
Netgear » R6400 Firmware
Versions before (<) 1.0.1.46
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6400 » Version: N/A
Netgear » R6700 Firmware
Versions before (<) 1.0.2.6
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6700 » Version: N/A
Netgear » R6700 Firmware
Versions before (<) 1.0.2.62
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6700 » Version: V3
Netgear » R6700 Firmware
Versions before (<) 1.2.0.36
cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6700 » Version: V2
Netgear » R6900 Firmware
Versions before (<) 1.2.0.36
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6900 » Version: V2
Netgear » R6900 Firmware
Versions before (<) 1.0.2.4
cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6900 » Version: N/A
Netgear » R7000 Firmware
Versions before (<) 1.0.9.60
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7000 » Version: N/A
Netgear » R7100lg Firmware
Versions before (<) 1.0.0.50
cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7100lg » Version: N/A
Netgear » R7300dst Firmware
Versions before (<) 1.0.0.70
cpe:2.3:o:netgear:r7300dst_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7300dst » Version: N/A
Netgear » R7900 Firmware
Versions before (<) 1.0.3.8
cpe:2.3:o:netgear:r7900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7900 » Version: N/A
Netgear » R8000 Firmware
Versions before (<) 1.0.4.28
cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R8000 » Version: N/A
Netgear » D6220 Firmware
Versions before (<) 1.0.0.52
cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D6220 » Version: N/A
Netgear » D6400 Firmware
Versions before (<) 1.0.0.86
cpe:2.3:o:netgear:d6400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D6400 » Version: N/A
Netgear » R6250 Firmware
Versions before (<) 1.0.4.34
cpe:2.3:o:netgear:r6250_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6250 » Version: N/A
Netgear » R6300 Firmware
Versions before (<) 1.0.4.34
cpe:2.3:o:netgear:r6300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6300 » Version: V2
Netgear » Dgn2200 Firmware
Versions before (<) 1.0.0.110
cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Dgn2200 » Version: V4
Netgear » Wnr3500l Firmware
Versions before (<) 1.2.0.62
cpe:2.3:o:netgear:wnr3500l_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Wnr3500l » Version: V2
Netgear » D6100 Firmware
Versions before (<) 1.0.0.60
cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D6100 » Version: N/A
Netgear » D6200 Firmware
Versions before (<) 1.1.00.36
cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D6200 » Version: N/A
Netgear » Jr6150 Firmware
Versions before (<) 1.0.1.18
cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Jr6150 » Version: N/A
Netgear » R6050 Firmware
Versions before (<) 1.0.1.18
cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6050 » Version: N/A
Netgear » R6220 Firmware
Versions before (<) 1.1.0.80
cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6220 » Version: N/A
Netgear » Wndr3400 Firmware
Versions before (<) 1.0.1.24
cpe:2.3:o:netgear:wndr3400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Wndr3400 » Version: V3
Netgear » Wnr2020 Firmware
Versions before (<) 1.1.0.62
cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Wnr2020 » Version: N/A
Netgear » D7000 Firmware
Versions before (<) 1.0.0.53
cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D7000 » Version: V2
Netgear » D7000 Firmware
Versions before (<) 1.0.1.70
cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D7000 » Version: N/A
Netgear » Pr2000 Firmware
Versions before (<) 1.0.0.28
cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Pr2000 » Version: N/A
Netgear » R6020 Firmware
Versions before (<) 1.0.0.42
cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6020 » Version: N/A
Netgear » R6080 Firmware
Versions before (<) 1.0.0.42
cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6080 » Version: N/A
Netgear » R6800 Firmware
Versions before (<) 1.2.0.36
cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6800 » Version: N/A
Netgear » R8300 Firmware
Versions before (<) 1.0.2.130
cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R8300 » Version: N/A
Netgear » R8500 Firmware
Versions before (<) 1.0.2.130
cpe:2.3:o:netgear:r8500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R8500 » Version: N/A
Netgear » R7000p Firmware
Versions before (<) 1.3.1.64
cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7000p » Version: N/A
Netgear » R6900p Firmware
Versions before (<) 1.3.1.64
cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6900p » Version: N/A
Netgear » D8500 Firmware
Versions before (<) 1.0.3.44
cpe:2.3:o:netgear:d8500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » D8500 » Version: N/A
Netgear » Dgnd2200b Firmware
Versions before (<) 1.0.0.109
cpe:2.3:o:netgear:dgnd2200b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Dgnd2200b » Version: V4
Netgear » R7900p Firmware
Versions before (<) 1.4.1.50
cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7900p » Version: N/A
Netgear » R8000p Firmware
Versions before (<) 1.4.1.50
cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R8000p » Version: N/A
Netgear » Xr500 Firmware
Versions before (<) 2.3.2.40
cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Xr500 » Version: N/A
Netgear » Dm200 Firmware
Versions before (<) 1.0.0.61
cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Dm200 » Version: N/A
Netgear » Dc112a Firmware
Versions before (<) 1.0.0.42
cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Dc112a » Version: N/A
Netgear » R6230 Firmware
Versions before (<) 1.1.0.80
cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6230 » Version: N/A
Netgear » R6260 Firmware
Versions before (<) 1.1.0.64
cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R6260 » Version: N/A
Netgear » Xr450 Firmware
Versions before (<) 2.3.2.40
cpe:2.3:o:netgear:xr450_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » Xr450 » Version: N/A
Netgear » R7450 Firmware
Versions before (<) 1.2.0.36
cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Netgear » R7450 » Version: N/A

Vulnerability Details : CVE-2021-38534

Exploit prediction scoring system (EPSS) score for CVE-2021-38534

CVSS scores for CVE-2021-38534

CWE ids for CVE-2021-38534

References for CVE-2021-38534

Products affected by CVE-2021-38534