PT-2020-17468 · NetGear · Xr500+16

Aircut

·

Published

2020-12-29

·

Updated

2021-01-04

·

CVE-2020-35828

CVSS v3.1

6.1

Medium

VectorAC:L/AV:A/A:N/C:H/I:H/PR:H/S:U/UI:N
Name of the Vulnerable Software and Affected Versions D7800 versions 1.0.1.56 and earlier RBK20 versions 2.3.5.26 and earlier RBR20 versions 2.3.5.26 and earlier RBS20 versions 2.3.5.26 and earlier RBK40 versions 2.3.5.30 and earlier RBR40 versions 2.3.5.30 and earlier RBS40 versions 2.3.5.30 and earlier RBK50 versions 2.3.5.30 and earlier RBR50 versions 2.3.5.30 and earlier RBS50 versions 2.3.5.30 and earlier R7800 versions 1.0.2.74 and earlier R8900 versions 1.0.4.28 and earlier R9000 versions 1.0.4.28 and earlier XR500 versions 2.3.2.56 and earlier XR700 versions 1.0.1.10 and earlier RAX120 versions 1.0.0.78 and earlier R7500v2 versions 1.0.3.46 and earlier
Description The issue is related to stored XSS, affecting various NETGEAR devices.
Recommendations For D7800 version 1.0.1.56 and earlier, update to version 1.0.1.56 or later. For RBK20 version 2.3.5.26 and earlier, update to version 2.3.5.26 or later. For RBR20 version 2.3.5.26 and earlier, update to version 2.3.5.26 or later. For RBS20 version 2.3.5.26 and earlier, update to version 2.3.5.26 or later. For RBK40 version 2.3.5.30 and earlier, update to version 2.3.5.30 or later. For RBR40 version 2.3.5.30 and earlier, update to version 2.3.5.30 or later. For RBS40 version 2.3.5.30 and earlier, update to version 2.3.5.30 or later. For RBK50 version 2.3.5.30 and earlier, update to version 2.3.5.30 or later. For RBR50 version 2.3.5.30 and earlier, update to version 2.3.5.30 or later. For RBS50 version 2.3.5.30 and earlier, update to version 2.3.5.30 or later. For R7800 version 1.0.2.74 and earlier, update to version 1.0.2.74 or later. For R8900 version 1.0.4.28 and earlier, update to version 1.0.4.28 or later. For R9000 version 1.0.4.28 and earlier, update to version 1.0.4.28 or later. For XR500 version 2.3.2.56 and earlier, update to version 2.3.2.56 or later. For XR700 version 1.0.1.10 and earlier, update to version 1.0.1.10 or later. For RAX120 version 1.0.0.78 and earlier, update to version 1.0.0.78 or later. For R7500v2 version 1.0.3.46 and earlier, update to version 1.0.3.46 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-35828

Affected Products

D7800
R7500V2
R7800
R8900
R9000
Rax120
Rbk20
Rbk40
Rbk50
Rbr20
Rbr40
Rbr50
Rbs20
Rbs40
Rbs50
Xr500
Xr700