CVE-2020-26923 — Cross-site Scripting in Netgear Wc7500 Firmware

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

CNA4.3

EPSS

0.3%

top 45.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Wc7500 Firmware Netgear Wc7600 Firmware Netgear Wc7600v2 Firmware +1 more

Timeline

PublishedOct 9

Latest updateMay 24

Description

Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages4 packages

▶NVDnetgear/wc7600v2_firmware< 6.5.5.24

▶NVDnetgear/wc7500_firmware< 6.5.5.24

▶NVDnetgear/wc7600_firmware< 6.5.5.24

▶NVDnetgear/wc9500_firmware< 6.5.5.24

🔴Vulnerability Details

GHSA

GHSA-6r42-2ccv-qrfw: Certain NETGEAR devices are affected by stored XSS↗2022-05-24

▶

CVEList

CVE-2020-26923: Certain NETGEAR devices are affected by stored XSS↗2020-10-09

▶