CVE-2019-20486

6.1MEDIUM

Key Information:

Vendor: Netgear
Status: Wnr1000 Firmware
Vendor: CVE Published:; 2 March 2020

Summary

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language.

References

https://www.nccgroup.trust/us/about-us/newsroom-and-event...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 2, 2020
Vulnerability Reserved
Mar 2, 2020