PT-2020-17481 · NetGear · Jnr1010V2+17

Published

2020-12-29

Updated

2021-01-04

CVE-2020-35841

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions NETGEAR D6200 versions 1.1.00.37 and earlier NETGEAR D7000 versions 1.0.1.77 and earlier NETGEAR JNR1010v2 versions 1.1.0.61 and earlier NETGEAR JR6150 versions 1.0.1.23 and earlier NETGEAR JWNR2010v5 versions 1.1.0.61 and earlier NETGEAR R6020 versions 1.0.0.41 and earlier NETGEAR R6050 versions 1.0.1.23 and earlier NETGEAR R6080 versions 1.0.0.41 and earlier NETGEAR R6120 versions 1.0.0.65 and earlier NETGEAR R6220 versions 1.1.0.99 and earlier NETGEAR R6260 versions 1.1.0.75 and earlier NETGEAR R6700v2 versions 1.2.0.61 and earlier NETGEAR R6800 versions 1.2.0.61 and earlier NETGEAR R6900v2 versions 1.2.0.61 and earlier NETGEAR R7450 versions 1.2.0.61 and earlier NETGEAR WNR1000v4 versions 1.1.0.61 and earlier NETGEAR WNR2020 versions 1.1.0.61 and earlier NETGEAR WNR2050 versions 1.1.0.61 and earlier

Description The issue is related to stored XSS, which affects certain NETGEAR devices.

Recommendations For NETGEAR D6200 version 1.1.00.37 and earlier, update to version 1.1.00.38 or later. For NETGEAR D7000 version 1.0.1.77 and earlier, update to version 1.0.1.78 or later. For NETGEAR JNR1010v2 version 1.1.0.61 and earlier, update to version 1.1.0.62 or later. For NETGEAR JR6150 version 1.0.1.23 and earlier, update to version 1.0.1.24 or later. For NETGEAR JWNR2010v5 version 1.1.0.61 and earlier, update to version 1.1.0.62 or later. For NETGEAR R6020 version 1.0.0.41 and earlier, update to version 1.0.0.42 or later. For NETGEAR R6050 version 1.0.1.23 and earlier, update to version 1.0.1.24 or later. For NETGEAR R6080 version 1.0.0.41 and earlier, update to version 1.0.0.42 or later. For NETGEAR R6120 version 1.0.0.65 and earlier, update to version 1.0.0.66 or later. For NETGEAR R6220 version 1.1.0.99 and earlier, update to version 1.1.0.100 or later. For NETGEAR R6260 version 1.1.0.75 and earlier, update to version 1.1.0.76 or later. For NETGEAR R6700v2 version 1.2.0.61 and earlier, update to version 1.2.0.62 or later. For NETGEAR R6800 version 1.2.0.61 and earlier, update to version 1.2.0.62 or later. For NETGEAR R6900v2 version 1.2.0.61 and earlier, update to version 1.2.0.62 or later. For NETGEAR R7450 version 1.2.0.61 and earlier, update to version 1.2.0.62 or later. For NETGEAR WNR1000v4 version 1.1.0.61 and earlier, update to version 1.1.0.62 or later. For NETGEAR WNR2020 version 1.1.0.61 and earlier, update to version 1.1.0.62 or later. For NETGEAR WNR2050 version 1.1.0.61 and earlier, update to version 1.1.0.62 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-35841

Affected Products

D6200

D7000

Jnr1010V2

Jr6150

Jwnr2010V5

R6020

R6050

R6080

R6120

R6220

R6260

R6700V2

R6800

R6900V2

R7450

Wnr1000V4

Wnr2020

Wnr2050

PT-2020-17481 · NetGear · Jnr1010V2+17

CVE-2020-35841

Weakness Enumeration

Related Identifiers

Affected Products

References · 3