ID
VAR-202203-0476
CVE
CVE-2021-46382
TITLE
NETGEAR WAC120 Cross-Site Scripting Vulnerability
Trust: 1.2
sources:
CNVD: CNVD-2022-20159 //
CNNVD: CNNVD-202203-465
DESCRIPTION
Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking. of netgear wac120 ac Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Netgear NETGEAR WAC120 is a wireless access point (AP) from Netgear. No detailed vulnerability details are currently provided
Trust: 2.16
sources:
NVD: CVE-2021-46382 //
JVNDB: JVNDB-2022-006514 //
CNVD: CNVD-2022-20159
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2022-20159
AFFECTED PRODUCTS
| vendor: | netgear | model: | wac120 ac | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | ネットギア | model: | wac120 ac | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | ネットギア | model: | wac120 ac | scope: | eq | version: | wac120 ac firmware | Trust: 0.8 |
| vendor: | ネットギア | model: | wac120 ac | scope: | - | version: | - | Trust: 0.8 |
| vendor: | netgear | model: | wac120 ac | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2022-20159 //
JVNDB: JVNDB-2022-006514 //
NVD: CVE-2021-46382
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2022-20159 //
JVNDB: JVNDB-2022-006514 //
CNNVD: CNNVD-202203-465 //
NVD: CVE-2021-46382
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.0 |
| problemtype: | Cross-site scripting (CWE-79) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-006514 //
NVD: CVE-2021-46382
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202203-465
TYPE
XSS
Trust: 0.6
sources:
CNNVD: CNNVD-202203-465
PATCH
| title: | Patch for NETGEAR WAC120 Cross-Site Scripting Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/325896 | Trust: 0.6 |
| title: | NETGEAR WAC120 Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184814 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-20159 //
CNNVD: CNNVD-202203-465
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-46382 | Trust: 3.8 |
| db: | JVNDB | id: | JVNDB-2022-006514 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2022-20159 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202203-465 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-20159 //
JVNDB: JVNDB-2022-006514 //
CNNVD: CNNVD-202203-465 //
NVD: CVE-2021-46382
REFERENCES
| url: | https://drive.google.com/drive/folders/1noiot8ye_hdolvyhchml5e2za3oo6v9y?usp=sharing | Trust: 2.4 |
| url: | https://www.netgear.com/about/security/ | Trust: 2.4 |
| url: | https://cxsecurity.com/cveshow/cve-2021-46382/ | Trust: 1.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-46382 | Trust: 0.8 |
sources:
CNVD: CNVD-2022-20159 //
JVNDB: JVNDB-2022-006514 //
CNNVD: CNNVD-202203-465 //
NVD: CVE-2021-46382
SOURCES
| db: | CNVD | id: | CNVD-2022-20159 |
| db: | JVNDB | id: | JVNDB-2022-006514 |
| db: | CNNVD | id: | CNNVD-202203-465 |
| db: | NVD | id: | CVE-2021-46382 |
LAST UPDATE DATE
2024-11-23T22:54:42.204000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-20159 | date: | 2022-03-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-006514 | date: | 2023-07-05T08:10:00 |
| db: | CNNVD | id: | CNNVD-202203-465 | date: | 2022-03-16T00:00:00 |
| db: | NVD | id: | CVE-2021-46382 | date: | 2024-11-21T06:34:00.533 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-20159 | date: | 2022-03-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-006514 | date: | 2023-07-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-202203-465 | date: | 2022-03-04T00:00:00 |
| db: | NVD | id: | CVE-2021-46382 | date: | 2022-03-04T16:15:10.173 |