PT-2020-12833 · NetGear · Netgear R7800+12

Aircut

·

Published

2020-04-15

·

Updated

2020-04-17

·

CVE-2020-11775

CVSS v3.1

6.0

Medium

VectorAC:L/AV:L/A:N/C:H/I:H/PR:H/S:U/UI:N
Name of the Vulnerable Software and Affected Versions NETGEAR D7800 versions prior to 1.0.1.56 NETGEAR R7500v2 versions prior to 1.0.3.46 NETGEAR R7800 versions prior to 1.0.2.68 NETGEAR R8900 versions prior to 1.0.4.28 NETGEAR R9000 versions prior to 1.0.4.28 NETGEAR RAX120 versions prior to 1.0.0.78 NETGEAR RBR20 versions prior to 2.3.5.26 NETGEAR RBS20 versions prior to 2.3.5.26 NETGEAR RBK20 versions prior to 2.3.5.26 NETGEAR RBR40 versions prior to 2.3.5.30 NETGEAR RBS40 versions prior to 2.3.5.30 NETGEAR RBK40 versions prior to 2.3.5.30 NETGEAR RBR50 versions prior to 2.3.5.30 NETGEAR RBS50 versions prior to 2.3.5.30 NETGEAR RBK50 versions prior to 2.3.5.30 NETGEAR XR500 versions prior to 2.3.2.56 NETGEAR XR700 versions prior to 1.0.1.10
Description The issue is related to stored XSS, which affects certain NETGEAR devices.
Recommendations For NETGEAR D7800 version prior to 1.0.1.56, update to version 1.0.1.56 or later. For NETGEAR R7500v2 version prior to 1.0.3.46, update to version 1.0.3.46 or later. For NETGEAR R7800 version prior to 1.0.2.68, update to version 1.0.2.68 or later. For NETGEAR R8900 version prior to 1.0.4.28, update to version 1.0.4.28 or later. For NETGEAR R9000 version prior to 1.0.4.28, update to version 1.0.4.28 or later. For NETGEAR RAX120 version prior to 1.0.0.78, update to version 1.0.0.78 or later. For NETGEAR RBR20 version prior to 2.3.5.26, update to version 2.3.5.26 or later. For NETGEAR RBS20 version prior to 2.3.5.26, update to version 2.3.5.26 or later. For NETGEAR RBK20 version prior to 2.3.5.26, update to version 2.3.5.26 or later. For NETGEAR RBR40 version prior to 2.3.5.30, update to version 2.3.5.30 or later. For NETGEAR RBS40 version prior to 2.3.5.30, update to version 2.3.5.30 or later. For NETGEAR RBK40 version prior to 2.3.5.30, update to version 2.3.5.30 or later. For NETGEAR RBR50 version prior to 2.3.5.30, update to version 2.3.5.30 or later. For NETGEAR RBS50 version prior to 2.3.5.30, update to version 2.3.5.30 or later. For NETGEAR RBK50 version prior to 2.3.5.30, update to version 2.3.5.30 or later. For NETGEAR XR500 version prior to 2.3.2.56, update to version 2.3.2.56 or later. For NETGEAR XR700 version prior to 1.0.1.10, update to version 1.0.1.10 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-11775

Affected Products

Netgear R7800
Netgear R7500V2
Netgear R8900
Netgear R9000
Netgear Rax120
Netgear Rbr20
Netgear Rbk40
Netgear Rbr50
Netgear Cbr40
Netgear Rbs40
Netgear Rbs50
Netgear Xr500
Netgear Xr700