PT-2020-10468 · NetGear · Netgear Wnr1000V4
Published
2020-03-02
·
Updated
2020-03-04
·
CVE-2019-20486
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
NETGEAR WNR1000V4 version 1.1.0.54
Description
An issue was discovered where multiple pages within the web management console, specifically
setup.cgi and adv index.htm, are vulnerable to stored XSS. This is demonstrated by the configuration of the UI language.Recommendations
For NETGEAR WNR1000V4 version 1.1.0.54, as a temporary workaround, consider restricting access to the vulnerable pages,
setup.cgi and adv index.htm, until a patch is available. Avoid using the web management console to configure the UI language until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Wnr1000V4