Stored Cross-Site Scripting Vulnerability in NETGEAR RAX40 Devices
CVE-2019-20645

4.2MEDIUM

Key Information:

Vendor: Netgear
Status: Rax40 Firmware
Vendor: CVE Published:; 15 April 2020

Summary

The NETGEAR RAX40 router is vulnerable to a stored cross-site scripting (XSS) attack, which could allow an attacker to inject malicious scripts into web pages viewed by other users. This vulnerability affects all devices running firmware versions prior to 1.0.3.62. Successful exploitation allows attackers to potentially steal sensitive information and perform actions on behalf of unsuspecting users. Users are advised to apply the latest firmware updates to mitigate this vulnerability.

References

https://kb.netgear.com/000061497/Security-Advisory-for-St...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Apr 15, 2020