CVE-2021-45666 in CBR40info

Summary

by MITRE • 12/26/2021

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 12/30/2021

The vulnerability identified as CVE-2021-45666 represents a stored cross-site scripting flaw affecting multiple NETGEAR networking devices across various product lines including routers, access points, and wireless bridges. This security weakness resides in the web-based management interfaces of affected devices, specifically impacting firmware versions prior to the listed patches. The vulnerability stems from inadequate input validation and output sanitization within the device's web server components that handle user-supplied data. When malicious users submit crafted payloads through web forms or parameters, these inputs are stored within the device's memory or configuration files without proper sanitization. The stored data is then subsequently rendered in web pages without appropriate encoding or escaping mechanisms, creating an environment where malicious scripts can execute in the context of authenticated users who access the device's management interface. This vulnerability falls under CWE-79 which specifically addresses Cross-Site Scripting flaws, and aligns with ATT&CK technique T1212 for Exploitation for Credential Access, as successful exploitation could potentially lead to unauthorized access to device management functions.

The operational impact of this stored XSS vulnerability extends beyond simple script execution as it provides attackers with persistent access to device management interfaces. Once an attacker successfully injects malicious scripts into the device's stored data, these scripts will execute every time a user accesses the management interface, potentially capturing session cookies, credentials, or other sensitive information. The affected product lines span multiple generations of NETGEAR networking equipment, indicating a widespread issue that could compromise thousands of devices across enterprise and home networks. Attackers could leverage this vulnerability to redirect users to malicious sites, steal administrative credentials, or even modify device configurations to create persistent backdoors. The vulnerability is particularly concerning because it affects devices that are often deployed in environments where they are not regularly updated or monitored, and the stored nature of the exploit means that the malicious payload persists even after the initial injection.

Mitigation strategies for this vulnerability require immediate firmware updates from NETGEAR to address the XSS flaws in affected device models. Organizations should prioritize updating all impacted devices to their latest firmware versions, which typically include input validation improvements, proper output encoding, and enhanced sanitization routines. Network administrators should also implement additional monitoring and access controls around device management interfaces, including restricting access to trusted networks and implementing multi-factor authentication where possible. Security teams should conduct thorough network scans to identify all affected devices and establish monitoring procedures to detect potential exploitation attempts. The vulnerability demonstrates the importance of proper input validation and output encoding practices in web applications, particularly in embedded systems where management interfaces are often exposed to untrusted users. Organizations should also consider implementing network segmentation to limit access to device management interfaces and establish regular patch management procedures to address similar vulnerabilities in the future. This vulnerability serves as a reminder of the critical importance of secure coding practices in embedded networking equipment and the potential for persistent threats in network infrastructure devices.

Responsible

MITRE

Reservation

12/25/2021

Disclosure

12/26/2021

Moderation

accepted

CPE

ready

EPSS

0.00418

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!