{"id": "CVE-2021-38535", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.2}]}, "published": "2021-08-11T00:17:26.993", "references": [{"url": "https://kb.netgear.com/000063773/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2019-0192", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62."}, {"lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por un ataque de tipo XSS almacenado. Esto afecta a D6200 versiones anteriores a 1.1.00.40, D7000 versiones anteriores a 1.0.1.78, R6020 versiones anteriores a 1.0.0.48, R6080 versiones anteriores a 1.0.0.48, R6120 versiones anteriores a 1.0.0.76, R6260 versiones anteriores a 1.1.0.78, R6700v2 versiones anteriores a 1.2.0.76, R6800 versiones anteriores a 1.2.0.76, R6900v2 versiones anteriores a 1.2.0. 76, R6850 versiones anteriores a 1.1.0.78, R7200 versiones anteriores a 1.2.0.76, R7350 versiones anteriores a 1.2.0.76, R7400 versiones anteriores a 1.2.0.76, R7450 versiones anteriores a 1.2.0.76, AC2100 versiones anteriores a 1.2.0.76, AC2400 versiones anteriores a 1.2.0.76, AC2600 versiones anteriores a 1.2.0.76, RAX35 versiones anteriores a 1.0.3.62 y RAX40 versiones anteriores a 1.0.3.62"}], "lastModified": "2021-08-19T16:42:59.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59BF957E-F3B6-41A5-A36C-8C0CF3B417D0", "versionEndExcluding": "1.1.00.40"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "00E6A1B7-4732-4259-9B71-10FF0B56A16B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C539CF50-2AC3-45F9-8F69-FA2F50FAD92D", "versionEndExcluding": "1.0.1.78"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AF04B65B-9685-4595-9C71-0F77AD7109BE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EC58A4B-E061-49ED-BB2D-E0497846DBEE", "versionEndExcluding": "1.0.0.48"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DDA7ABF-4C4B-4945-993A-F93BD8FCB55E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF9D1B97-7FF8-45D9-BFD6-72554BBB6008", "versionEndExcluding": "1.0.0.48"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1CEB5C49-53CF-44AE-9A7D-E7E6201BFE62"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B373C515-681A-4D80-9BFD-5E2DFD6F2DF0", "versionEndExcluding": "1.0.0.76"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D18D2CCD-424F-41D5-919B-E22B9FA68D36"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33824B9B-1224-484A-AFF4-953573F299C6", "versionEndExcluding": "1.1.0.78"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0FCF958-2F6A-4B79-B307-2FE23B7CE8FC", "versionEndExcluding": "1.2.0.76"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6700:v2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F9706E6-CA53-43E4-91B0-D52655C86860"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA434604-4916-4830-A96B-CEC0C8E5A1A0", "versionEndExcluding": "1.2.0.76"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "09404083-B00B-4C1F-8085-BC242E625CA3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6900_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E9457F1-F5E8-43CA-8697-3849E140B0CC", "versionEndExcluding": "1.2.0.76"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6900:v2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2E8EB69B-6619-47B6-A073-D0B840D4EB0B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "612DAD20-761D-41D5-A6AB-AA9975847D34", "versionEndExcluding": "1.1.0.78"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6850:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "598B48C5-4706-4431-8C5A-DA496DD1052F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D95583A-EC79-41FF-9496-DAB19A1A34DB", "versionEndExcluding": "1.2.0.76"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FECB83F9-D417-4FD3-B293-87BC177E3AEB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7350_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53B1B947-2E36-463C-848F-C5F5C0A5ECAF", "versionEndExcluding": "1.2.0.76"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7350:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AFD1A65C-F10F-4C52-8B6D-69992E512EB5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A188F6E-5296-4511-97F2-9328B1E1F6CF", "versionEndExcluding": "1.2.0.76"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1F68AC3B-A31F-4AB0-89E9-BFFDE427AD3B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r7450_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33043216-4563-4195-88D7-93446302ECD1", "versionEndExcluding": "1.2.0.76"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r7450:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DA5420D-DD64-4A9C-9B5F-784F0ED2B464"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AB0B236-6BC6-4E99-8792-6B01BD591D3A", "versionEndExcluding": "1.2.0.76"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ac2100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A80B06A1-81B5-4C33-89F6-EC3F6E3068B5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ac2400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B01C772-D1D4-41F1-A33D-72A6A672502A", "versionEndExcluding": "1.2.0.76"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ac2400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6B25A18F-DD96-45FE-B098-71E60CB0FFFE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ac2600_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA359610-21DC-41C4-9430-8406B34490EB", "versionEndExcluding": "1.2.0.76"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ac2600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2BFCD9A8-1846-48C4-9F14-3866E983FB74"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax35_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD29688A-89F2-49A5-B9D9-6AFC0EA6CB49", "versionEndExcluding": "1.0.3.62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax35:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4201E4D6-4DDF-4EF3-902A-960DFFF7C9A4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax40_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B269F15-F70A-4F6C-90AD-025EBB497C1B", "versionEndExcluding": "1.0.3.62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "13D54346-4B03-4296-B050-04EB8CFCA732"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}