Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-20674

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

Published

2020-04-15T20:15:14.207

Last Modified

2024-11-21T04:39:02.880

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	rbr20_firmware	< 2.3.5.26	Yes
Hardware	netgear	rbr20	-	No
Operating System	netgear	rbs20_firmware	< 2.3.5.26	Yes
Hardware	netgear	rbs20	-	No
Operating System	netgear	rbk20_firmware	< 2.3.5.26	Yes
Hardware	netgear	rbk20	-	No
Operating System	netgear	rbr40_firmware	< 2.3.5.30	Yes
Hardware	netgear	rbr40	-	No
Operating System	netgear	rbs40_firmware	< 2.3.5.30	Yes
Hardware	netgear	rbs40	-	No
Operating System	netgear	rbk40_firmware	< 2.3.5.30	Yes
Hardware	netgear	rbk40	-	No
Operating System	netgear	rbr50_firmware	< 2.3.5.30	Yes
Hardware	netgear	rbr50	-	No
Operating System	netgear	rbs50_firmware	< 2.3.5.30	Yes
Hardware	netgear	rbs50	-	No
Operating System	netgear	rbk50_firmware	< 2.3.5.30	Yes
Hardware	netgear	rbk50	-	No

References

https://kb.netgear.com/000061465/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0545 Vendor Advisory ([email protected])
https://kb.netgear.com/000061465/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0545 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)