Stored Cross-Site Scripting Vulnerability in NETGEAR R9000 Devices
CVE-2019-20759

7.4HIGH

Key Information:

Vendor: Netgear
Status: R9000 Firmware
Vendor: CVE Published:; 16 April 2020

Summary

The NETGEAR R9000 devices, prior to version 1.0.4.26, are susceptible to a stored cross-site scripting vulnerability that can be exploited by attackers to inject malicious scripts. This security flaw allows unauthorized users to execute arbitrary JavaScript code in the context of a user's session, potentially leading to data theft, session hijacking, or other malicious activity. Users are advised to update their devices to the latest firmware to mitigate this risk.

References

https://kb.netgear.com/000060640/Security-Advisory-for-St...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 16, 2020
Vulnerability Reserved
Apr 15, 2020