Lucene search

[email protected]CVE-2020-35840

HistoryDec 30, 2020 - 12:15 a.m.

CVE-2020-35840

2020-12-3000:15:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-35840

netgear

stored xss

d6200

d7000

jnr1010v2

jr6150

jwnr2010v5

r6020

r6050

r6080

r6120

r6220

r6260

wnr1000v4

wnr2020

wnr2050

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

22.4%

JSON

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.

CPENameOperatorVersion
netgear:d6200_firmwarenetgear d6200 firmwarelt1.1.00.38
netgear:d7000_firmwarenetgear d7000 firmwarelt1.0.1.78
netgear:jnr1010v2_firmwarenetgear jnr1010v2 firmwarelt1.1.0.62
netgear:jr6150_firmwarenetgear jr6150 firmwarelt1.0.1.24
netgear:jwnr2010v5_firmwarenetgear jwnr2010v5 firmwarelt1.1.0.62
netgear:r6020_firmwarenetgear r6020 firmwarelt1.0.0.42
netgear:r6050_firmwarenetgear r6050 firmwarelt1.0.1.24
netgear:r6080_firmwarenetgear r6080 firmwarelt1.0.0.42
netgear:r6120_firmwarenetgear r6120 firmwarelt1.0.0.66
netgear:r6220_firmwarenetgear r6220 firmwarelt1.1.0.100

CPE	Name	Operator	Version
netgear:d6200_firmware	netgear d6200 firmware	lt	1.1.00.38
netgear:d7000_firmware	netgear d7000 firmware	lt	1.0.1.78
netgear:jnr1010v2_firmware	netgear jnr1010v2 firmware	lt	1.1.0.62
netgear:jr6150_firmware	netgear jr6150 firmware	lt	1.0.1.24
netgear:jwnr2010v5_firmware	netgear jwnr2010v5 firmware	lt	1.1.0.62
netgear:r6020_firmware	netgear r6020 firmware	lt	1.0.0.42
netgear:r6050_firmware	netgear r6050 firmware	lt	1.0.1.24
netgear:r6080_firmware	netgear r6080 firmware	lt	1.0.0.42
netgear:r6120_firmware	netgear r6120 firmware	lt	1.0.0.66
netgear:r6220_firmware	netgear r6220 firmware	lt	1.1.0.100

Rows per page:

1-10 of 141

References

kb.netgear.com/000062711/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0010

Social References

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

22.4%

JSON

Related for CVE-2020-35840

prion1 cvelist1