CVE-2019-20756

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.4%
top 36.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Netgear Ex3700 FirmwareNetgear Ex3800 FirmwareNetgear Ex6000 Firmware+15 more
Timeline
PublishedApr 16
Latest updateMay 24

Description

Certain NETGEAR devices are affected by reflected XSS. This affects EX7000 before 1.0.0.64, EX6200 before 1.0.3.86, EX6150 before 1.0.0.38, EX6130 before 1.0.0.22, EX6120 before 1.0.0.40, EX6100 before 1.0.2.22, EX6000 before 1.0.0.30, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, R8300 before 1.0.2.94, R7300DST before 1.0.0.62, R7000P before 1.3.0.20, R6900P before 1.3.0.20, R6400 before 1.0.1.32, R6300v2 before 1.0.4.24, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.18, and WN2500RPv2 befor

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages18 packages

NVDnetgear/r6400_firmware< 1.0.1.32
NVDnetgear/r8300_firmware< 1.0.2.94
NVDnetgear/r8500_firmware< 1.0.2.94
NVDnetgear/ex3700_firmware< 1.0.0.70
NVDnetgear/ex3800_firmware< 1.0.0.70

🔴Vulnerability Details

2
GHSA
GHSA-cmvh-xx7q-427v: Certain NETGEAR devices are affected by reflected XSS2022-05-24
CVEList
CVE-2019-20756: Certain NETGEAR devices are affected by reflected XSS2020-04-16
CVE-2019-20756 (MEDIUM CVSS 6.1) | Certain NETGEAR devices are affecte | cvebase.io