CVE-2018-21155
Description
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in multiple NETGEAR routers and gateways allows attackers to inject scripts via firmware interfaces.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the web interfaces of multiple NETGEAR devices. The flaw affects the following models running firmware versions before the indicated fixes: D7800 prior to 1.0.1.34, DM200 prior to 1.0.0.52, R6100 prior to 1.0.1.22, R7500 prior to 1.0.0.122, R7500v2 prior to 1.0.3.26, R7800 prior to 1.0.2.42, R8900 prior to 1.0.4.2, R9000 prior to 1.0.3.16, WNDR4300 prior to 1.0.2.98, WNDR4300v2 prior to 1.0.0.54, WNDR4500v3 prior to 1.0.0.54, and WNR2000v5 prior to 1.0.0.64 [1]. The vulnerability is a stored XSS, meaning the injected script is persistently stored on the device and executed when other users access the affected interface.
Exploitation
To exploit the vulnerability, an attacker must first gain authenticated access to the device's web management interface or leverage an existing session. The attacker then injects malicious script code into a parameter that is subsequently stored (for example, in device configuration or log settings). When an administrator or other user views the affected page, the stored script executes in the context of the victim's browser session [1]. No network proximity beyond access to the management interface is required; the attacker can be remote if the interface is exposed.
Impact
Successful exploitation leads to arbitrary script execution within the browser of any user viewing the affected page. This can result in session hijacking, credential theft (e.g., via keylogging or form capture), unauthorized configuration changes, or redirection to malicious sites. The scope of impact is confined to the browser session and the privileges of the logged-in user, but because administrators typically have full device control, an admin compromise could lead to full device takeover.
Mitigation
NETGEAR has released fixed firmware versions for all affected models: D7800 1.0.1.34, DM200 1.0.0.52, R6100 1.0.1.22, R7500 1.0.0.122, R7500v2 1.0.3.26, R7800 1.0.2.42, R8900 1.0.4.2, R9000 1.0.3.16, WNDR4300 1.0.2.98, WNDR4300v2 1.0.0.54, WNDR4500v3 1.0.0.54, and WNR2000v5 1.0.0.64 [1]. Users are strongly advised to download and install the latest firmware from the NETGEAR Support website. No workarounds are provided, and no KEV listing is mentioned.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- NETGEAR/NETGEAR devicesdescription
- Range: <1.0.0.52
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.