CVE-2021-45671
Description
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.62, EX7500 before 1.0.0.72, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.4.120, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.4.120, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.4.120, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS vulnerability in multiple NETGEAR devices (22 models) allows script injection; fixed firmware versions available.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in multiple NETGEAR routers, extenders, and WiFi systems. Affected models include CBR40 (before 2.5.0.10), EAX80 (before 1.0.1.62), EX7500 (before 1.0.0.72), R7900 (before 1.0.4.38), R8000 (before 1.0.4.68), RAX200 (before 1.0.4.120), RBS40V (before 2.6.1.4), RBW30 (before 2.6.1.4), MR60 (before 1.0.6.110), RAX20 (before 1.0.2.82), RAX45 (before 1.0.2.72), RAX80 (before 1.0.4.120), MS60 (before 1.0.6.110), RAX15 (before 1.0.2.82), RAX50 (before 1.0.2.72), RAX75 (before 1.0.4.120), RBR750 (before 3.2.16.6), RBR850 (before 3.2.16.6), RBS750 (before 3.2.16.6), RBS850 (before 3.2.16.6), RBK752 (before 3.2.16.6), and RBK852 (before 3.2.16.6). The vulnerability allows an attacker to store malicious scripts in the device's web interface [1].
Exploitation
An attacker with authenticated access to the device's administrative web interface can inject malicious JavaScript into input fields that are later rendered to other users. The stored script executes when an administrator or other user views the affected page; no user interaction beyond viewing that page is required [1].
Impact
Successful exploitation enables the attacker to execute arbitrary JavaScript in the context of the victim's browser. This can result in session hijacking, redirection to malicious sites, defacement, or theft of sensitive information [1].
Mitigation
NETGEAR has released fixed firmware versions for all affected models: CBR40 (2.5.0.10), EAX80 (1.0.1.62), EX7500 (1.0.0.72), R7900 (1.0.4.38), R8000 (1.0.4.68), RAX200 (1.0.4.120), RBS40V (2.6.1.4), RBW30 (2.6.1.4), MR60 (1.0.6.110), RAX20 (1.0.2.82), RAX45 (1.0.2.72), RAX80 (1.0.4.120), MS60 (1.0.6.110), RAX15 (1.0.2.82), RAX50 (1.0.2.72), RAX75 (1.0.4.120), RBR750 (3.2.16.6), RBR850 (3.2.16.6), RBS750 (3.2.16.6), RBS850 (3.2.16.6), RBK752 (3.2.16.6), and RBK852 (3.2.16.6). Users are strongly recommended to update their firmware to the latest version as soon as possible [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- NETGEAR/NETGEAR devices
Patches
No patches discovered yet.