Skip to main content

Rax40 Firmware CVE-2021-38533

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-08-11 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 11, 2021 - 00:17 nvd
MEDIUM 5.4

DescriptionNVD

NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS.

AnalysisAI

NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. Affected products include: Netgear Rax40 Firmware. Version information: before 1.0.3.64.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2022-48196 CRITICAL
9.8 Dec 30

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2020-35800 CRITICAL
9.4 Dec 30

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4)

CVE-2020-26898 HIGH
8.8 Oct 09

NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. Rated high severity

CVE-2021-45493 HIGH
7.5 Dec 26

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 7.5), this v

CVE-2021-38526 HIGH
7.5 Aug 11

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated high severity (CVSS 7.5)

CVE-2021-41449 HIGH
7.1 Dec 09

A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote

CVE-2021-45549 MEDIUM
6.8 Dec 26

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), th

CVE-2021-45672 MEDIUM
4.8 Dec 26

Certain NETGEAR devices are affected by Stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exp

CVE-2021-38537 MEDIUM
4.8 Aug 11

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exp

CVE-2021-38536 MEDIUM
4.8 Aug 11

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exp

CVE-2021-38535 MEDIUM
4.8 Aug 11

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exp

CVE-2021-45604 MEDIUM
4.5 Dec 26

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated medium severity (C

Share

CVE-2021-38533 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy