Stored Cross-Site Scripting Vulnerability in NETGEAR Routers and Extenders
CVE-2020-26918

4.1MEDIUM

Key Information:

Vendor: Netgear
Status: Ex7000 Firmware
Vendor: CVE Published:; 9 October 2020

Summary

Certain NETGEAR routers and extenders are susceptible to stored Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts. This can lead to unauthorized data access and session hijacking, posing a significant risk to users. Affected models include EX7000, R6250, R6400, R6400v2, R6700v3, R7100LG, R7300DST, R7900, R8300, and R8500, all vulnerable if not updated to their respective patched versions.

References

https://kb.netgear.com/000062335/Security-Advisory-for-St...

x_refsource_MISC

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 9, 2020
Vulnerability Reserved
Oct 9, 2020