Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-26918

Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.

Published

2020-10-09T07:15:17.543

Last Modified

2024-11-21T05:20:29.643

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

6.8

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System netgear ex7000_firmware < 1.0.1.78 Yes
Hardware netgear ex7000 - No
Operating System netgear r6250_firmware < 1.0.4.34 Yes
Hardware netgear r6250 - No
Operating System netgear r6400_firmware < 1.0.1.46 Yes
Hardware netgear r6400 - No
Operating System netgear r6400v2_firmware < 1.0.2.66 Yes
Hardware netgear r6400v2 - No
Operating System netgear r6700v3_firmware < 1.0.2.66 Yes
Hardware netgear r6700v3 - No
Operating System netgear r7100lg_firmware < 1.0.0.50 Yes
Hardware netgear r7100lg - No
Operating System netgear r7300dst_firmware < 1.0.0.70 Yes
Hardware netgear r7300dst - No
Operating System netgear r7900_firmware < 1.0.3.8 Yes
Hardware netgear r7900 - No
Operating System netgear r8300_firmware < 1.0.2.128 Yes
Hardware netgear r8300 - No
Operating System netgear r8500_firmware < 1.0.2.128 Yes
Hardware netgear r8500 - No
References