CVE-2020-26917

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.2%
top 56.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Netgear Ex7000 FirmwareNetgear R6250 FirmwareNetgear R6400 Firmware+6 more
Timeline
PublishedOct 9
Latest updateMay 24

Description

Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:LExploitability: 0.7 | Impact: 3.4

Affected Packages9 packages

NVDnetgear/r6400v2_firmware< 1.0.2.66
NVDnetgear/r6250_firmware< 1.0.4.34
NVDnetgear/r6400_firmware< 1.0.1.46
NVDnetgear/r7900_firmware< 1.0.3.8
NVDnetgear/r8300_firmware< 1.0.2.128

🔴Vulnerability Details

2
GHSA
GHSA-2rr6-rqrq-g5r8: Certain NETGEAR devices are affected by stored XSS2022-05-24
CVEList
CVE-2020-26917: Certain NETGEAR devices are affected by stored XSS2020-10-09
CVE-2020-26917 (MEDIUM CVSS 4.8) | Certain NETGEAR devices are affecte | cvebase.io