CVE-2021-38537
Description
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stored cross-site scripting vulnerability in the web management interface of multiple NETGEAR routers and gateways allows a user who can write to an affected field to inject script that later runs in an administrator's browser.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the web-based management interface of multiple NETGEAR routers and gateways; the affected models and the first fixed firmware version for each are listed in the description above. The flaw allows an attacker to save script into a value that the interface stores and later renders without output encoding, so the script runs when an administrator views the affected page.
Exploitation
Exploiting the flaw requires access to the router's web interface, typically authenticated access as an administrator or as a user permitted to modify the affected setting; the CVE text does not identify which field is involved. The attacker submits JavaScript in an input field whose value is stored and later rendered into a management page without being sanitized or encoded. When an administrator loads that page, the payload executes in their browser, in the origin of the management interface and with the administrator's session, which is what makes further actions possible.
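The pattern described above, shown as an added example written for this page rather than taken from NETGEAR's firmware: a stored configuration value is rendered into an admin page, once by plain string concatenation (the vulnerable form) and once with output encoding matched to the context it lands in (HTML text versus a string inside an inline script). The field name deviceName, the page layout and the sample stored values are assumptions; the CVE text does not say which field is affected. The last function is the check a tester would run against a device: store a canary containing HTML metacharacters, fetch the page as the administrator, and see whether the canary comes back verbatim.

```javascript
// Added example (not NETGEAR's code): stored XSS in a router admin page and its fix.
// A value saved by one user is later interpolated into markup served to the admin.
// "deviceName", the page layout and STORED are assumptions for illustration.

// Encode for the HTML text and attribute-value context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Encode for embedding inside an inline <script> as a JS string literal. HTML
// entities are NOT decoded inside <script>, so "<", ">", "&" and the JS line
// terminators U+2028/U+2029 are written as \uXXXX escapes instead: the JS parser
// decodes them, the HTML parser never sees a closing "</script>".
function encodeForScript(s) {
  return JSON.stringify(String(s))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Constructed sample of what a user with write access to the field might store.
const STORED = [
  { deviceName: "laptop", ip: "192.168.1.10" },
  { deviceName: '<img src=x onerror="alert(document.cookie)">', ip: "192.168.1.11" },
  { deviceName: "</script><script>alert(1)</script>", ip: "192.168.1.12" },
];

// Vulnerable: stored values concatenated into markup and into an inline script.
function renderPageVulnerable(entries) {
  const rows = entries.map(e => `<tr><td>${e.deviceName}</td><td>${e.ip}</td></tr>`);
  const names = entries.map(e => `"${e.deviceName}"`).join(",");
  return `<table>${rows.join("")}</table>\n<script>var names=[${names}];</script>`;
}

// Hardened: each value encoded for the context it is written into.
function renderPageSafe(entries) {
  const rows = entries.map(e =>
    `<tr><td>${escapeHtml(e.deviceName)}</td><td>${escapeHtml(e.ip)}</td></tr>`);
  const names = entries.map(e => encodeForScript(e.deviceName)).join(",");
  return `<table>${rows.join("")}</table>\n<script>var names=[${names}];</script>`;
}

// Tester's check: does a canary containing metacharacters for the target context
// ("<" and ">" here) come back verbatim in the fetched page?
function reflectsUnencoded(html, canary) {
  return html.includes(canary);
}

// Returns the stored values that a render function reflects unencoded. A value
// with no metacharacters ("laptop") is reflected by both renderers and proves
// nothing, which is why the canary must contain characters the encoder changes.
function findReflected(render, entries) {
  const html = render(entries);
  return entries.map(e => e.deviceName).filter(n => reflectsUnencoded(html, n));
}

// Stand-alone run: the vulnerable page reflects every value, the fixed page
// reflects only the benign one.
console.log("vulnerable:", findReflected(renderPageVulnerable, STORED));
console.log("fixed:     ", findReflected(renderPageSafe, STORED));
```

The same canary check works against a real device: write the value through the interface, fetch the page that displays it with an administrator session, and search the raw response for the canary. A hit in the HTML body or inside a script block shows which context lacks encoding and therefore which encoder is missing.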
Impact
Successful exploitation executes attacker-controlled JavaScript in the administrator's session on the management interface. Because the script runs in the same origin as the admin pages, it can read what the administrator sees, hijack the session, deface pages, redirect the browser, and potentially submit the same configuration changes the administrator could make through the interface. The vulnerability itself does not give the attacker direct access to the firmware or to network traffic; any wider effect would come through such configuration changes made in the administrator's session.
Mitigation
NETGEAR has released firmware updates to fix this vulnerability. Users should update to the first fixed firmware version for their model, or later: D6200 to 1.1.00.40, D7000 to 1.0.1.78, R6020/R6080 to 1.0.0.48, R6120 to 1.0.0.66, R6260/R6850 to 1.1.0.78, R6700v2/R6800/R6900v2/R7200/R7350/R7400/R7450/AC2100/AC2400/AC2600 to 1.2.0.76, and RAX40 to 1.0.3.62. No workarounds are provided; updating the firmware is the recommended action. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
NETGEAR/NETGEAR devices
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.