Stored Cross-Site Scripting in NETGEAR RAX40 Routers
CVE-2019-20644

4.2MEDIUM

Key Information:

Vendor: Netgear
Status: Rax40 Firmware
Vendor: CVE Published:; 15 April 2020

What is CVE-2019-20644?

The NETGEAR RAX40 router is susceptible to a stored cross-site scripting (XSS) flaw due to improper validation of user input. This vulnerability allows attackers to inject malicious scripts into pages that are served to users, which can lead to unauthorized actions or disclose sensitive information. Users of affected devices should ensure that they are running the latest firmware to mitigate the risk. Refer to the NETGEAR security advisory for detailed information and recommended actions.

References

https://kb.netgear.com/000061498/Security-Advisory-for-St...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Apr 15, 2020

JSON

Netgear

What is CVE-2019-20644?

References

CVSS V3.1

Timeline