CVE-2018-21209

Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
mitreCNA
4.8 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
netgearjnr1010_firmware
𝑥
< 1.1.0.46
netgearjr6150_firmware
𝑥
< 1.0.1.10
netgearjwnr2010_firmware
𝑥
< 1.1.0.46
netgearpr2000_firmware
𝑥
< 1.0.0.20
netgearr6050_firmware
𝑥
< 1.0.1.10
netgearr6220_firmware
𝑥
< 1.1.0.60
netgearwndr3700_firmware
𝑥
< 1.1.0.50
netgearwnr1000_firmware
𝑥
< 1.1.0.46
netgearwnr2020_firmware
𝑥
< 1.1.0.46
netgearwnr2050_firmware
𝑥
< 1.1.0.46
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514
https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514