Reflected XSS Vulnerability in NETGEAR Routers
CVE-2017-18701

5.2MEDIUM

Key Information:

Vendor: Netgear
Status: R6700 Firmware
Vendor: CVE Published:; 24 April 2020

Summary

Certain NETGEAR routers exhibit a reflected cross-site scripting vulnerability that could allow attackers to execute arbitrary scripts in the context of the victim's browser. This issue specifically affects the R6700 models prior to version 1.0.1.36 and R6900 models prior to version 1.0.1.34, posing a potential risk to users accessing vulnerable devices. Users are encouraged to update their firmware to mitigate this risk.

References

https://kb.netgear.com/000053201/Security-Advisory-for-Re...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 24, 2020
Vulnerability Reserved
Apr 20, 2020