CVE-2020-35841Cross-site Scripting in Netgear D6200 Firmware

CWE-79Cross-site Scripting3 documents3 sources
Severity
7.6HIGHNVD
CNA6.9
EPSS
0.3%
top 42.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Netgear D6200 FirmwareNetgear D7000 FirmwareNetgear Jnr1010v2 Firmware+15 more
Timeline
PublishedDec 30
Latest updateMay 24

Description

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:NExploitability: 2.3 | Impact: 4.7

Affected Packages18 packages

NVDnetgear/d6200_firmware< 1.1.00.38
NVDnetgear/d7000_firmware< 1.0.1.78
NVDnetgear/r6020_firmware< 1.0.0.42
NVDnetgear/r6050_firmware< 1.0.1.24
NVDnetgear/r6080_firmware< 1.0.0.42

🔴Vulnerability Details

2
GHSA
GHSA-8q35-pvh9-gxxg: Certain NETGEAR devices are affected by stored XSS2022-05-24
CVEList
CVE-2020-35841: Certain NETGEAR devices are affected by stored XSS2020-12-29
CVE-2020-35841 — Cross-site Scripting in Netgear | cvebase