2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2021-38538" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2021-08-11T00:17:53.557" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T06:17:22.900" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR500 before 2.3.2.56."
} ,
{
"lang" : "es" ,
"value" : "Determinados dispositivos NETGEAR est\u00e1n afectados por un ataque de tipo XSS almacenado. Esto afecta a D7800 versiones anteriores a 1.0.1.56, R7800 versiones anteriores a 1.0.2.68, R8900 versiones anteriores a 1.0.4.26, R9000 versiones anteriores a 1.0.4.26, RAX120 versiones anteriores a 1.0.0.78, RBK20 versiones anteriores a 2.3.5.26, RBR20 versiones anteriores a 2.3.5.26, RBS20 versiones anteriores a 2. 3.5.26, RBK40 versiones anteriores a 2.3.5.30, RBR40 versiones anteriores a 2.3.5.30, RBS40 versiones anteriores a 2.3.5.30, RBK50 versiones anteriores a 2.3.5.30, RBR50 versiones anteriores a 2.3.5.30, RBS50 versiones anteriores a 2.3.5.30 y XR500 versiones anteriores a 2.3.2.56"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "cve@mitre.org" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 6.3 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "LOCAL" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 1.0 ,
"impactScore" : 5.2
2024-12-08 03:06:42 +00:00
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" ,
"baseScore" : 6.1 ,
"baseSeverity" : "MEDIUM" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "NONE"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 2.7
2023-04-24 12:24:31 +02:00
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 4.3 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "PARTIAL" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : true
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.0.1.56" ,
"matchCriteriaId" : "2C35893A-C6C2-45C7-B3AF-BCFA62381BE5"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DA2D4987-3726-4A72-8D32-592F59FAC46D"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.0.2.68" ,
"matchCriteriaId" : "70E4DC5E-E34E-4AB1-BD50-F741142CB917"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "17CF7445-6950-45FE-9D1A-E23F63316329"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.0.4.26" ,
"matchCriteriaId" : "BEF7967B-5FA3-4D43-BEC5-2644FBB1D168"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0F859165-8D89-4CDD-9D48-9C7923D2261F"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.0.4.26" ,
"matchCriteriaId" : "D34DD834-FE59-4F04-9448-FDC385CF70F6"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.0.0.78" ,
"matchCriteriaId" : "FF94E4E9-5F05-4727-BEEC-E6CAEF313864"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1742BD56-84E4-40E1-8C04-098B3715161E"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:rbk20_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.3.5.26" ,
"matchCriteriaId" : "AFE16323-EF75-4752-9B04-43B136BAE45D"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:rbk20:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E6C9F31C-3E12-4787-9C9B-14883D9D152A"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.3.5.26" ,
"matchCriteriaId" : "EA36B519-BB43-4329-96A5-842C74E05F8A"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.3.5.26" ,
"matchCriteriaId" : "B2FC86AC-1164-45C8-8D9E-6B88EC02B254"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:rbk40_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.3.5.30" ,
"matchCriteriaId" : "89C8AC8A-A1C8-4DA3-AFCC-F6A2E7367C7B"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:rbk40:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "12DDD83C-6FF1-433F-ACA1-7B4B147F9A8C"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:rbs40_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.3.5.30" ,
"matchCriteriaId" : "624E85AD-3B34-413B-A271-1167CB551BD3"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:rbs40:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6FDCDE39-0355-43B9-BF57-F3718DA2988D"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:rbr40_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.3.5.30" ,
"matchCriteriaId" : "A040117E-5DF5-4D8F-B0ED-E0ED148A6640"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:rbr40:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A9E20E59-2B1E-4E43-A494-2C20FD716D4F"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.3.5.30" ,
"matchCriteriaId" : "B7ED1541-DE7D-4A4C-B8D1-CB42E52E3DBE"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:rbk50:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8BA66D07-D017-49D6-8E72-5C48E940DE1B"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:rbr50_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.3.5.30" ,
"matchCriteriaId" : "094B04D5-9063-4D7A-B367-E1F2688B3667"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:rbr50:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B2CAEA32-6934-4743-9E6B-22D52AC5E7F8"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:rbs50_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.3.5.30" ,
"matchCriteriaId" : "C489444C-6C19-4A52-AF66-A1D48ADC4F26"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:rbs50:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3BCFD959-D522-4FA0-AD01-2937DAEE1EDF"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.3.2.56" ,
"matchCriteriaId" : "AA9B22EF-5791-41DB-8CC1-A1B60CF4A73F"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:netgear:xr500:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9E203D92-F97B-4F5B-B395-3A5DEDBF1C1C"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://kb.netgear.com/000063761/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0515" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://kb.netgear.com/000063761/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0515" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
