CVE-2021-45673
Description
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before 1.0.3.106, R6900P before 1.3.3.140, and RAX75 before 1.0.3.106.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in multiple NETGEAR routers allows an authenticated attacker to inject arbitrary JavaScript or HTML via unspecified vectors.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the web management interface of multiple NETGEAR router models. Affected devices and fixed firmware versions are: R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before 1.0.3.106, R6900P before 1.3.3.140, and RAX75 before 1.0.3.106 [1]. The vulnerability enables injection of arbitrary script content that is persistently stored on the device.
Exploitation
An authenticated attacker with administrative access to the router's web interface can inject malicious script content (e.g., JavaScript or HTML) into vulnerable input fields. This stored script subsequently executes in the context of any other administrator's browser session when the affected page is loaded, without requiring additional user interaction beyond normal administrative navigation.
Impact
Successful exploitation allows an attacker to execute arbitrary script in the browser of another authenticated administrator. This can lead to session hijacking, defacement, credential theft, or unauthorized configuration changes, potentially compromising the entire network management plane.
Mitigation
NETGEAR released fixed firmware versions for all affected models as of December 20, 2021 [1]. Users should download and install the latest firmware for their specific model from NETGEAR Support. No known workaround is available; applying the firmware update is the only mitigation. This vulnerability is not known to be listed in CISA's Known Exploited Vulnerabilities catalog.
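Since the firmware update is the only mitigation, the practical check is comparing each device's installed version against the fixed version for its model. The following is an added example, not part of the advisory or any NETGEAR tooling; the inventory rows are constructed, and the handling of a leading `V` and an `_` build suffix in version strings is an assumption about how an inventory might report them.

```python
import re

# Fixed firmware version per model, taken from the advisory text above.
FIXED = {
    "R7000": "1.0.11.110", "R7900": "1.0.4.30",
    "R8000": "1.0.4.62", "RAX200": "1.0.3.106",
    "R7000P": "1.3.3.140", "RAX80": "1.0.3.106",
    "R6900P": "1.3.3.140", "RAX75": "1.0.3.106",
}

def parse_version(raw):
    """Return the dotted version as a tuple of ints, or None if unparseable."""
    # Assumption: strings may look like 'V1.0.11.108_10.2.100'; only the
    # dotted part before the underscore is compared.
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)+)(?:_.*)?", raw.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def status(model, firmware):
    """Classify a device: vulnerable, fixed, not-listed or unknown-version."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"        # model is not named in this advisory
    have = parse_version(firmware)
    if have is None:
        return "unknown-version"   # fail closed: needs manual review
    # Integer tuples avoid the string-compare trap ("1.0.4.9" > "1.0.4.30").
    return "vulnerable" if have < parse_version(fixed) else "fixed"

def audit(inventory):
    """Map each (host, model, firmware) row to its status."""
    return {host: status(model, fw) for host, model, fw in inventory}

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("gw-office", "R7000", "V1.0.11.108_10.2.100"),
    ("gw-lab", "R7900", "1.0.4.9"),
    ("gw-branch", "r8000", "1.0.4.62"),
    ("gw-home", "RAX80", "V1.0.4.120"),
    ("gw-old", "R6400", "1.0.1.50"),
    ("gw-odd", "R7000P", "unknown"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

A `not-listed` result only means the model is not covered by this CVE, not that the device is free of other issues.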
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- NETGEAR/NETGEAR devices