CVE-2021-45668 : Security Advisory and Response
Learn about CVE-2021-45668 affecting NETGEAR devices with stored XSS vulnerability. Understand its impact, affected systems, mitigation steps, and prevention measures.
Certain NETGEAR devices are affected by stored XSS. This impacts various models before specific firmware versions. The vulnerability has a CVSS base score of 6.5.
Understanding CVE-2021-45668
What is CVE-2021-45668?
NETGEAR devices suffer from stored cross-site scripting (XSS) vulnerabilities, affecting several models before designated firmware versions.
The Impact of CVE-2021-45668
The vulnerability has a CVSS base score of 6.5, classified as MEDIUM severity. Its attack vector is ADJACENT_NETWORK with HIGH attack complexity and HIGH integrity impact.
Technical Details of CVE-2021-45668
Vulnerability Description
Stored XSS vulnerability in NETGEAR devices allows attackers to inject malicious scripts into web pages viewed by other users.
Affected Systems and Versions
- EAX20 before 1.0.0.48
- EAX80 before 1.0.1.64
- EX3700 before 1.0.0.90
- and more models before specific versions.
Exploitation Mechanism
- Attack Complexity: HIGH
- Attack Vector: ADJACENT_NETWORK
- Privileges Required: HIGH
- User Interaction: REQUIRED
Mitigation and Prevention
Immediate Steps to Take
- Update affected NETGEAR devices to the latest firmware versions.
- Regularly monitor for security advisories from NETGEAR.
Long-Term Security Practices
- Implement network segmentation to limit the impact of potential attacks.
- Train users to recognize and report suspicious behavior.
- Utilize web application firewalls to filter and block malicious traffic.
Patching and Updates
Regularly check for firmware updates and apply patches promptly.