CVE-2018-21095

Certain NETGEAR devices are affected by stored XSS. This affects SRR60 before 2.2.1.210 and SRS60 before 2.2.1.210.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
mitreCNA
4.3 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
netgearsrr60_firmware
𝑥
< 2.2.1.210
netgearsrs60_firmware
𝑥
< 2.2.1.210
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.netgear.com/000060458/Security-Advisory-for-Stored-Cross-Site-Scripting-on-SRS60-and-SRR60-PSV-2018-0218
https://kb.netgear.com/000060458/Security-Advisory-for-Stored-Cross-Site-Scripting-on-SRS60-and-SRR60-PSV-2018-0218