CVE-2021-45676
Description
Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in multiple NETGEAR routers allows authenticated attackers to inject scripts via firmware settings.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the web-based management interface of several NETGEAR router models. The flaw affects the following devices running firmware versions prior to the indicated fixed releases: RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126 [1]. The vulnerability allows an attacker to inject arbitrary JavaScript or HTML into stored fields that are later rendered in the admin interface.
Exploitation
An attacker must be on a network adjacent to the target router and possess high-privilege credentials (e.g., administrator) to access the vulnerable configuration pages. The attacker then injects malicious script into a stored input field (such as a device name or other configuration parameter). User interaction is required: the stored script is triggered when another administrator views the affected page [1].
Impact
Successful exploitation lets the attacker execute arbitrary script in the context of the victim's browser session. This can result in low confidentiality and integrity impact (e.g., stealing session cookies or modifying settings within the same web application). The scope of the attack changes, meaning the injected script can affect resources beyond the vulnerable component [1].
Mitigation
NETGEAR has released fixed firmware versions for all affected models: RAX200 firmware 1.0.5.126, RAX20 firmware 1.0.2.82, RAX80 firmware 1.0.5.126, RAX15 firmware 1.0.2.82, and RAX75 firmware 1.0.5.126. Users should download and install the latest firmware from NETGEAR Support as soon as possible [1]. No workarounds are provided; updating is the only recommended mitigation.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/NETGEAR devices (description)
Patches
No patches discovered yet.
References