Lucene search

MitreCVE-2019-20721

HistoryApr 16, 2020 - 7:15 p.m.

CVE-2019-20721

2020-04-1619:15:25

CWE-79

mitre

web.nvd.nist.gov

cve-2019-20721

netgear

stored xss

vulnerability

nvd

security

devices

cve

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.66, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.

Affected configurations

Nvd

Node

netgeard7800_firmwareRange<1.0.1.47

AND

netgeard7800Match-

Node

netgearex2700_firmwareRange<1.0.1.48

AND

netgearex2700Match-

Node

netgearex6100_firmwareRange<1.0.1.76

AND

netgearex6100Matchv2

Node

netgearex6150_firmwareRange<1.0.1.76

AND

netgearex6150Matchv2

Node

netgearex6200_firmwareRange<1.0.1.72

AND

netgearex6200Matchv2

Node

netgearex6400_firmwareRange<1.0.2.136

AND

netgearex6400Match-

Node

netgearex7300_firmwareRange<1.0.2.136

AND

netgearex7300Match-

Node

netgearr7500_firmwareRange<1.0.3.38

AND

netgearr7500Matchv2

Node

netgearr7800_firmwareRange<1.0.2.52

AND

netgearr7800Match-

Node

netgearr8900_firmwareRange<1.0.4.12

AND

netgearr8900Match-

Node

netgearr9000_firmwareRange<1.0.4.12

AND

netgearr9000Match-

Node

netgearwn2000rpt_firmwareRange<1.0.1.32

AND

netgearwn2000rptMatchv3

Node

netgearwn3000rp_firmwareRange<1.0.0.68

AND

netgearwn3000rpMatchv2

Node

netgearwn3000rp_firmwareRange<1.0.2.70

AND

netgearwn3000rpMatchv3

Node

netgearwn3100rp_firmwareRange<1.0.0.66

AND

netgearwn3100rpMatchv2

Node

netgearwndr4300_firmwareRange<1.0.0.58

AND

netgearwndr4300Matchv2

Node

netgearwndr4500_firmwareRange<1.0.0.58

AND

netgearwndr4500Matchv3

Node

netgearxr450_firmwareRange<2.3.2.32

AND

netgearxr450Match-

Node

netgearxr500_firmwareRange<2.3.2.32

AND

netgearxr500Match-

Node

netgearwnr2000_firmwareRange<1.0.0.66

AND

netgearwnr2000Matchv5

VendorProductVersionCPE
netgeard7800_firmware*cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*
netgeard7800-cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*
netgearex2700_firmware*cpe:2.3:o:netgear:ex2700_firmware:*:*:*:*:*:*:*:*
netgearex2700-cpe:2.3:h:netgear:ex2700:-:*:*:*:*:*:*:*
netgearex6100_firmware*cpe:2.3:o:netgear:ex6100_firmware:*:*:*:*:*:*:*:*
netgearex6100v2cpe:2.3:h:netgear:ex6100:v2:*:*:*:*:*:*:*
netgearex6150_firmware*cpe:2.3:o:netgear:ex6150_firmware:*:*:*:*:*:*:*:*
netgearex6150v2cpe:2.3:h:netgear:ex6150:v2:*:*:*:*:*:*:*
netgearex6200_firmware*cpe:2.3:o:netgear:ex6200_firmware:*:*:*:*:*:*:*:*
netgearex6200v2cpe:2.3:h:netgear:ex6200:v2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	d7800_firmware	*	cpe:2.3:o:netgear:d7800_firmware::::::::
netgear	d7800	-	cpe:2.3:h:netgear:d7800:-:::::::*
netgear	ex2700_firmware	*	cpe:2.3:o:netgear:ex2700_firmware::::::::
netgear	ex2700	-	cpe:2.3:h:netgear:ex2700:-:::::::*
netgear	ex6100_firmware	*	cpe:2.3:o:netgear:ex6100_firmware::::::::
netgear	ex6100	v2	cpe:2.3:h:netgear:ex6100:v2:::::::*
netgear	ex6150_firmware	*	cpe:2.3:o:netgear:ex6150_firmware::::::::
netgear	ex6150	v2	cpe:2.3:h:netgear:ex6150:v2:::::::*
netgear	ex6200_firmware	*	cpe:2.3:o:netgear:ex6200_firmware::::::::
netgear	ex6200	v2	cpe:2.3:h:netgear:ex6200:v2:::::::*

Rows per page:

1-10 of 391

References

kb.netgear.com/000061207/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0159

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2019-20721