Stored Cross-Site Scripting in NETGEAR Wi-Fi Systems
CVE-2019-20668

6MEDIUM

Key Information:

Vendor: Netgear
Status: Rbr20 Firmware
Vendor: CVE Published:; 15 April 2020

Summary

Certain NETGEAR Wi-Fi systems are vulnerable to stored Cross-Site Scripting (XSS), allowing attackers to inject malicious scripts into the affected devices. This could lead to unauthorized access or exploitation of user sessions, impacting the security of the affected networks. Ensure that devices are updated to the latest firmware versions to mitigate these risks.

References

https://kb.netgear.com/000061471/Security-Advisory-for-St...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Apr 15, 2020