CVE-2021-45668
Description
Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in multiple NETGEAR routers and extenders allows attackers to inject malicious scripts via the web interface.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the web-based management interface of multiple NETGEAR devices. Affected models include EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106 [1]. The vulnerability allows an attacker to store arbitrary HTML or JavaScript code that executes in the context of an authenticated administrator's browser session when they view the affected page.
Exploitation
An attacker must have network access to the device's management interface and be able to trigger the vulnerable functionality (e.g., via a crafted configuration field or other input vector that is not sanitized). The attack does not require the attacker to be authenticated to the device initially; however, the injected script will only execute when an authenticated administrator visits the page containing the stored payload [1]. The exact input vector is not disclosed, but the advisory indicates it is stored (persistent) XSS.
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the admin's browser session. This can lead to session hijacking, defacement of the management interface, or further actions within the admin's authenticated context. The impact is limited to the web interface and does not directly compromise the underlying operating system, but an attacker could potentially leverage the admin session to make configuration changes.
Mitigation
NETGEAR has released firmware updates for all affected models, with the fixed versions listed above. Users should download and install the latest firmware for their device from the NETGEAR Support site as soon as possible [1]. No workarounds are available; the only mitigation is to apply the firmware update.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
NETGEAR / NETGEAR devices
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.