Stored Cross-Site Scripting Vulnerability in NETGEAR Routers and Extenders
CVE-2020-35808

4.8MEDIUM

Key Information:

Vendor: Netgear
Status: D6100 Firmware
Vendor: CVE Published:; 30 December 2020

Summary

Certain NETGEAR devices are susceptible to stored cross-site scripting (XSS) vulnerabilities. This issue allows attackers to inject malicious scripts into web pages, which may then execute when users access these pages, potentially compromising sensitive information and user sessions. The affected devices include popular models such as the D6100, DM200, R7800, R8900, R9000, WN3000RPv2, and WNR2000v5, all of which require firmware updates to mitigate these threats.

References

https://kb.netgear.com/000062708/Security-Advisory-for-St...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 30, 2020
Vulnerability Reserved
Dec 29, 2020