Reflected XSS Vulnerability in NETGEAR Routers and Extenders
CVE-2019-20756

7.1HIGH

Key Information:

Vendor: Netgear
Status: Ex7000 Firmware
Vendor: CVE Published:; 16 April 2020

What is CVE-2019-20756?

Certain NETGEAR routers and extenders are susceptible to a reflected XSS vulnerability, which could allow attackers to execute scripts in the context of a user’s session. This affects a range of devices, including models such as EX7000, R7000P, and WNDR3400v3, among others, specifically those running outdated firmware. When exploited, this vulnerability can enable malicious actors to manipulate user data or redirect users to harmful websites, posing a significant security risk for NETGEAR users. It's critical for users to update their device firmware to mitigate the risks associated with this vulnerability.

References

https://kb.netgear.com/000060643/Security-Advisory-for-Re...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2020
Vulnerability Reserved
Apr 15, 2020

Netgear

What is CVE-2019-20756?

References

CVSS V3.1

Timeline