CVE-2021-45665 in EAX20info

Summary

by MITRE • 12/26/2021

Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 12/30/2021

The vulnerability CVE-2021-45665 represents a stored cross-site scripting flaw affecting numerous NETGEAR networking devices, specifically targeting models including EAX20, EAX80, EX3700, EX3800, EX6120, EX6130, EX7500, and various RBW30, RBK752, RBR750, RBS750, RBK852, RBR850, RBS850, and RBS40V series devices. This vulnerability falls under the CWE-79 category of Cross-Site Scripting, where malicious code can be injected into web applications and subsequently executed in the context of other users' browsers. The affected firmware versions indicate that these devices have not received adequate security patches to protect against persistent XSS attacks that can compromise user sessions and potentially lead to full system compromise.

The technical exploitation of this vulnerability occurs when an attacker can inject malicious JavaScript code into input fields or parameters within the device's web interface that are then stored and later executed when other users access the affected pages. This stored nature makes the attack particularly dangerous as it can affect multiple users over time without requiring repeated exploitation attempts. The vulnerability is particularly concerning for network infrastructure devices since they often contain sensitive configuration data and may be accessed by authorized personnel with elevated privileges. Attackers could leverage this flaw to steal session cookies, redirect users to malicious sites, or even inject commands that could manipulate device settings or extract confidential information from the device's management interface.

The operational impact of this vulnerability extends beyond simple data theft or session hijacking, as it represents a fundamental security weakness in network infrastructure equipment that could enable attackers to establish persistent access to corporate or residential networks. When considering the ATT&CK framework, this vulnerability maps to T1071.004 Application Layer Protocol: DNS and potentially T1566 Phishing, as attackers could craft malicious web pages to deliver payloads. The widespread nature of affected models suggests that organizations may have extensive exposure across their network infrastructure, potentially affecting thousands of devices in both enterprise and home environments. Network administrators face significant challenges in identifying all affected devices and applying patches, particularly in large deployments where device inventory tracking may be inadequate.

Mitigation strategies for CVE-2021-45665 should prioritize immediate firmware updates from NETGEAR to address the stored XSS vulnerability in affected device models. Organizations should implement network segmentation to isolate affected devices from critical network segments and establish monitoring procedures to detect potential exploitation attempts. Security teams should conduct comprehensive inventory audits to identify all affected devices across the network infrastructure and ensure that firmware updates are applied systematically. Additionally, implementing web application firewalls and content security policies can provide additional protection layers against exploitation attempts. Regular security assessments and vulnerability scanning should be conducted to identify similar weaknesses in other network equipment, as this vulnerability demonstrates the importance of maintaining current firmware versions for network infrastructure devices. The incident underscores the critical need for manufacturers to provide timely security updates and for organizations to maintain robust patch management processes for their networking equipment.

Responsible

MITRE

Reservation

12/25/2021

Disclosure

12/26/2021

Moderation

accepted

CPE

ready

EPSS

0.00418

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!