CVE-2021-45673 : Security Advisory and Response
Learn about CVE-2021-45673 affecting certain NETGEAR devices with stored XSS vulnerability. Find impacted models and versions, the severity level, and mitigation steps.
Certain NETGEAR devices are affected by stored XSS, impacting several models including R7000, R7900, R8000, RAX200, R7000P, RAX80, R6900P, and RAX75.
Understanding CVE-2021-45673
What is CVE-2021-45673?
Certain NETGEAR devices are vulnerable to stored XSS, with specific firmware versions at risk.
The Impact of CVE-2021-45673
The vulnerability poses a medium-level threat, requiring user interaction for exploitation, with low confidentiality and integrity impacts.
Technical Details of CVE-2021-45673
Vulnerability Description
- Stored XSS vulnerability affects certain NETGEAR devices.
Affected Systems and Versions
- Devices affected include but are not limited to: R7000 < 1.0.11.110, R7900 < 1.0.4.30, R8000 < 1.0.4.62, RAX200 < 1.0.3.106, R7000P < 1.3.3.140, RAX80 < 1.0.3.106, R6900P < 1.3.3.140, RAX75 < 1.0.3.106.
Exploitation Mechanism
- Low attack complexity with adjacent network vector requiring user interaction.
Mitigation and Prevention
Immediate Steps to Take
- Update affected devices to the latest firmware versions.
- Disable remote management on the affected routers.
Long-Term Security Practices
- Regularly monitor for security advisories and updates from NETGEAR.
- Implement network segmentation to contain potential attacks.
Patching and Updates
- Apply patches provided by NETGEAR to fix the vulnerability.