CVE-2019-20669Cross-site Scripting in Netgear Rbk20 Firmware

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.8MEDIUMNVD
EPSS
0.4%
top 41.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Netgear Rbk20 FirmwareNetgear Rbk40 FirmwareNetgear Rbk50 Firmware+6 more
Timeline
PublishedApr 15
Latest updateMay 24

Description

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages9 packages

NVDnetgear/rbk20_firmware< 2.3.5.26
NVDnetgear/rbk40_firmware< 2.3.5.30
NVDnetgear/rbk50_firmware< 2.3.5.30
NVDnetgear/rbr20_firmware< 2.3.5.26
NVDnetgear/rbr40_firmware< 2.3.5.30

🔴Vulnerability Details

3
GHSA
GHSA-2vxg-v3f5-p55m: Certain NETGEAR devices are affected by stored XSS2022-05-24
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities2020-09-03
CVEList
CVE-2019-20669: Certain NETGEAR devices are affected by stored XSS2020-04-15
CVE-2019-20669 — Cross-site Scripting in Netgear | cvebase