CVE-2018-21209 - Vulnerability Details

Vendors	Products
Netgear	Jnr1010 Jnr1010 Firmware Jr6150 Jr6150 Firmware Jwnr2010 Jwnr2010 Firmware Pr2000 Pr2000 Firmware R6050 R6050 Firmware R6220 R6220 Firmware Wndr3700 Wndr3700 Firmware Wnr1000 Wnr1000 Firmware Wnr2020 Wnr2020 Firmware Wnr2050 Wnr2050 Firmware

Link	Providers
https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-28T15:32:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-21209", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514", "refsource": "CONFIRM", "url": "https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:26:38.756Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-21209", "datePublished": "2020-04-28T15:32:23", "dateReserved": "2020-04-20T00:00:00", "dateUpdated": "2024-08-05T12:26:38.756Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46. (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:N (string)

version : 3.0 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-04-28T15:32:23 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2018-21209 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46. (string)

}

]

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : ADJACENT (string)

availabilityImpact : NONE (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:N (string)

version : 3.0 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514 (string)

refsource : CONFIRM (string)

url : https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T12:26:38.756Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2018-21209 (string)

datePublished : 2020-04-28T15:32:23 (string)

dateReserved : 2020-04-20T00:00:00 (string)

dateUpdated : 2024-08-05T12:26:38.756Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E90EB0CF-D659-435C-8BDD-379286F0351A", "versionEndExcluding": "1.1.0.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:*", "matchCriteriaId": "CCE79B3F-8667-43C9-962D-EE089428F144", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B5D8AD4-6C67-4DC7-99DF-B29DBA4BC376", "versionEndExcluding": "1.0.1.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*", "matchCriteriaId": "D67167E5-81D2-4892-AF41-CBB6271232D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EEBDA31-7845-4598-8E40-63CEF5037E84", "versionEndExcluding": "1.1.0.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:*", "matchCriteriaId": "7399E5E9-40D8-4ECD-8B7B-C96A27E10282", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDFB6345-0D0D-4586-9899-2438AADDCD3F", "versionEndExcluding": "1.0.0.20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "2451CC0C-71B2-474D-93F0-2B2ACD802FE3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB4D669D-D6C4-403E-896D-55EE4EEB7C27", "versionEndExcluding": "1.0.1.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*", "matchCriteriaId": "363D4DEE-98B9-4294-B241-1613CAD1A3A7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "14253C3A-712C-4A7E-83C4-88A6BBEF0AB2", "versionEndExcluding": "1.1.0.60", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*", "matchCriteriaId": "B131B5C8-CB7F-433B-BA32-F05CE0E92A66", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "055A63BF-1787-4B72-8416-B6F77025F738", "versionEndExcluding": "1.1.0.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:*", "matchCriteriaId": "EC5B6CB8-D439-42D5-ACAE-6246874EA5F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51F31B60-7B0F-41AC-9FEF-FAAD54269194", "versionEndExcluding": "1.1.0.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:*", "matchCriteriaId": "C8218868-273B-46DB-B636-D3F9A3768069", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "57B186F2-4D0D-44BD-9F5F-DC1D9FD12C5A", "versionEndExcluding": "1.1.0.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2189628-03E7-445A-9EF2-656A85539115", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "55A6E04A-1630-4C5F-8173-B6B725A59D46", "versionEndExcluding": "1.1.0.46", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*", "matchCriteriaId": "9877579C-D214-4605-93AA-2B78914CF33C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46."}, {"lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una vulnerabilidad de tipo XSS reflejado. Esto afecta a JNR1010v2 versiones anteriores a 1.1.0.46, JR6150 versiones anteriores a 1.0.1.10, JWNR2010v5 versiones anteriores a 1.1.0.46, PR2000 versiones anteriores a 1.0.0.20, R6050 versiones anteriores a 1.0.1. 10, R6220 versiones anteriores a 1.1.0.60, WNDR3700v5 versiones anteriores a 1.1.0.50, WNR1000v4 versiones anteriores a 1.1.0.46, WNR2020 versiones anteriores a 1.1.0.46, y WNR2050 versiones anteriores a 1.1.0.46."}], "id": "CVE-2018-21209", "lastModified": "2024-11-21T04:03:10.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "cve@mitre.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-28T16:15:13.810", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E90EB0CF-D659-435C-8BDD-379286F0351A (string)

versionEndExcluding : 1.1.0.46 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:jnr1010:v2:*:*:*:*:*:*:* (string)

matchCriteriaId : CCE79B3F-8667-43C9-962D-EE089428F144 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4B5D8AD4-6C67-4DC7-99DF-B29DBA4BC376 (string)

versionEndExcluding : 1.0.1.10 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D67167E5-81D2-4892-AF41-CBB6271232D1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:jwnr2010_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8EEBDA31-7845-4598-8E40-63CEF5037E84 (string)

versionEndExcluding : 1.1.0.46 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:jwnr2010:v5:*:*:*:*:*:*:* (string)

matchCriteriaId : 7399E5E9-40D8-4ECD-8B7B-C96A27E10282 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:pr2000_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CDFB6345-0D0D-4586-9899-2438AADDCD3F (string)

versionEndExcluding : 1.0.0.20 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:pr2000:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2451CC0C-71B2-474D-93F0-2B2ACD802FE3 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CB4D669D-D6C4-403E-896D-55EE4EEB7C27 (string)

versionEndExcluding : 1.0.1.10 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 363D4DEE-98B9-4294-B241-1613CAD1A3A7 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 14253C3A-712C-4A7E-83C4-88A6BBEF0AB2 (string)

versionEndExcluding : 1.1.0.60 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B131B5C8-CB7F-433B-BA32-F05CE0E92A66 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wndr3700_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 055A63BF-1787-4B72-8416-B6F77025F738 (string)

versionEndExcluding : 1.1.0.50 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wndr3700:v5:*:*:*:*:*:*:* (string)

matchCriteriaId : EC5B6CB8-D439-42D5-ACAE-6246874EA5F0 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wnr1000_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 51F31B60-7B0F-41AC-9FEF-FAAD54269194 (string)

versionEndExcluding : 1.1.0.46 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wnr1000:v4:*:*:*:*:*:*:* (string)

matchCriteriaId : C8218868-273B-46DB-B636-D3F9A3768069 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 57B186F2-4D0D-44BD-9F5F-DC1D9FD12C5A (string)

versionEndExcluding : 1.1.0.46 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C2189628-03E7-445A-9EF2-656A85539115 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

9 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 55A6E04A-1630-4C5F-8173-B6B725A59D46 (string)

versionEndExcluding : 1.1.0.46 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9877579C-D214-4605-93AA-2B78914CF33C (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46. (string)

}

1 : { »

lang : es (string)

value : Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo XSS reflejado. Esto afecta a JNR1010v2 versiones anteriores a 1.1.0.46, JR6150 versiones anteriores a 1.0.1.10, JWNR2010v5 versiones anteriores a 1.1.0.46, PR2000 versiones anteriores a 1.0.0.20, R6050 versiones anteriores a 1.0.1. 10, R6220 versiones anteriores a 1.1.0.60, WNDR3700v5 versiones anteriores a 1.1.0.50, WNR1000v4 versiones anteriores a 1.1.0.46, WNR2020 versiones anteriores a 1.1.0.46, y WNR2050 versiones anteriores a 1.1.0.46. (string)

}

]

id : CVE-2018-21209 (string)

lastModified : 2024-11-21T04:03:10.943 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 1.7 (number)

impactScore : 2.7 (number)

source : cve@mitre.org (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.7 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-04-28T16:15:13.810 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://kb.netgear.com/000055140/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-2514 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object