CVE-2020-35840

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.

CVSS v3.0 5.4 MEDIUM
CVSS v2.0 3.5 LOW

5.4^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://kb.netgear.com/000062711/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0010	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:d6200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d6200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:d7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:jnr1010v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jnr1010v2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jr6150:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netgear:jwnr2010v5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jwnr2010v5:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netgear:r6020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6020:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netgear:r6050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6050:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netgear:r6080_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6080:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6120:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netgear:wnr1000v4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr1000v4:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netgear:wnr2020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netgear:wnr2050_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*

Information

Published : 2020-12-29 16:15

Updated : 2020-12-31 12:13

NVD link : CVE-2020-35840

Mitre link : CVE-2020-35840

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

netgear

d6200
r6120_firmware
r6220
wnr2050
r6260
d7000_firmware
jr6150_firmware
wnr2020_firmware
r6080
r6050
wnr2050_firmware
jr6150
r6020_firmware
wnr1000v4_firmware
r6020
wnr1000v4
r6080_firmware
d7000
wnr2020
jnr1010v2_firmware
r6260_firmware
r6050_firmware
jwnr2010v5
jnr1010v2
d6200_firmware
jwnr2010v5_firmware
r6120
r6220_firmware

5.4 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-35840

5.4^/10

3.5^/10

Attach tags to `CVE-2020-35840`