Lucene search

MitreCVE-2018-21209

HistoryApr 28, 2020 - 4:15 p.m.

CVE-2018-21209

2020-04-2816:15:13

CWE-79

mitre

web.nvd.nist.gov

netgear

devices

reflected xss

vulnerability

nvd

cve-2018-21209

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

12.6%

JSON

Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.

Affected configurations

Nvd

Node

netgearjnr1010_firmwareRange<1.1.0.46

AND

netgearjnr1010Matchv2

Node

netgearjr6150_firmwareRange<1.0.1.10

AND

netgearjr6150Match-

Node

netgearjwnr2010_firmwareRange<1.1.0.46

AND

netgearjwnr2010Matchv5

Node

netgearpr2000_firmwareRange<1.0.0.20

AND

netgearpr2000Match-

Node

netgearr6050_firmwareRange<1.0.1.10

AND

netgearr6050Match-

Node

netgearr6220_firmwareRange<1.1.0.60

AND

netgearr6220Match-

Node

netgearwndr3700_firmwareRange<1.1.0.50

AND

netgearwndr3700Matchv5

Node

netgearwnr1000_firmwareRange<1.1.0.46

AND

netgearwnr1000Matchv4

Node

netgearwnr2020_firmwareRange<1.1.0.46

AND

netgearwnr2020Match-

Node

netgearwnr2050_firmwareRange<1.1.0.46

AND

netgearwnr2050Match-

VendorProductVersionCPE
netgearjnr1010_firmware*cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*
netgearjnr1010v2cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*
netgearjr6150_firmware*cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*
netgearjr6150-cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*
netgearjwnr2010_firmware*cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*
netgearjwnr2010v5cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*
netgearpr2000_firmware*cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*
netgearpr2000-cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*
netgearr6050_firmware*cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*
netgearr6050-cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	jnr1010_firmware	*	cpe:2.3:o:netgear:jnr1010_firmware::::::::
netgear	jnr1010	v2	cpe:2.3:h:netgear:jnr1010:v2:::::::*
netgear	jr6150_firmware	*	cpe:2.3:o:netgear:jr6150_firmware::::::::
netgear	jr6150	-	cpe:2.3:h:netgear:jr6150:-:::::::*
netgear	jwnr2010_firmware	*	cpe:2.3:o:netgear:jwnr2010_firmware::::::::
netgear	jwnr2010	v5	cpe:2.3:h:netgear:jwnr2010:v5:::::::*
netgear	pr2000_firmware	*	cpe:2.3:o:netgear:pr2000_firmware::::::::
netgear	pr2000	-	cpe:2.3:h:netgear:pr2000:-:::::::*
netgear	r6050_firmware	*	cpe:2.3:o:netgear:r6050_firmware::::::::
netgear	r6050	-	cpe:2.3:h:netgear:r6050:-:::::::*

Rows per page:

1-10 of 201

References

kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2018-21209