Stored XSS via DHCP Discover Request Hostname
CVE-2019-12513

6.1MEDIUM

Key Information:

Vendor: Netgear
Status: Nighthawk X10-r9000 Firmware
Vendor: CVE Published:; 24 February 2020

Summary

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious hostname. This log entry may then be viewed at Advanced settings->Administration->Logs to trigger the exploit. Although this value is inserted into a textarea tag, converted to all-caps, and limited in length, attacks are still possible.

References

https://www.ise.io/casestudies/sohopelessly-broken-2-0/

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 24, 2020
Vulnerability Reserved
Jun 1, 2019