Stored XSS Vulnerability in NETGEAR WiFi Systems
CVE-2019-20639

6MEDIUM

Key Information:

Vendor
Netgear
Status
Rbr50 Firmware
Vendor
CVE Published:
15 April 2020

Summary

Certain NETGEAR WiFi systems are susceptible to a stored Cross-Site Scripting (XSS) vulnerability, which could allow attackers to inject malicious scripts into the user's browser. This issue affects specific models, including RBR50, RBS50, and RBK50, all of which are running firmware versions prior to 2.3.5.30. The consequences of exploitation may include unauthorized access to sensitive user information and manipulation of user sessions.

References

https://kb.netgear.com/000061505/Security-Advisory-for-St...
x_refsource_CONFIRM

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.