PT-2020-5880 · NetGear · Netgear R6400V2+8
Published
2020-09-17
·
Updated
2020-10-16
·
CVE-2020-26917
CVSS v2.0
4.9
Medium
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
NETGEAR EX7000 versions 1.0.0 through 1.0.1.77
NETGEAR R6250 versions 1.0.0 through 1.0.4.33
NETGEAR R6400 versions 1.0.0 through 1.0.1.45
NETGEAR R6400v2 versions 1.0.0 through 1.0.2.65
NETGEAR R7100LG versions 1.0.0 through 1.0.0.49
NETGEAR R7300DST versions 1.0.0 through 1.0.0.69
NETGEAR R7900 versions 1.0.0 through 1.0.3.7
NETGEAR R8300 versions 1.0.0 through 1.0.2.127
NETGEAR R8500 versions 1.0.0 through 1.0.2.127
Description:
The issue is related to stored XSS, which can be exploited by a remote attacker to perform cross-site scripting attacks. This is due to the lack of protection measures for the web page structure.
Recommendations:
For NETGEAR EX7000 version 1.0.1.77 and earlier, update to version 1.0.1.78 or later.
For NETGEAR R6250 version 1.0.4.33 and earlier, update to version 1.0.4.34 or later.
For NETGEAR R6400 version 1.0.1.45 and earlier, update to version 1.0.1.46 or later.
For NETGEAR R6400v2 version 1.0.2.65 and earlier, update to version 1.0.2.66 or later.
For NETGEAR R7100LG version 1.0.0.49 and earlier, update to version 1.0.0.50 or later.
For NETGEAR R7300DST version 1.0.0.69 and earlier, update to version 1.0.0.70 or later.
For NETGEAR R7900 version 1.0.3.7 and earlier, update to version 1.0.3.8 or later.
For NETGEAR R8300 version 1.0.2.127 and earlier, update to version 1.0.2.128 or later.
For NETGEAR R8500 version 1.0.2.127 and earlier, update to version 1.0.2.128 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Ex7000
Netgear R6250
Netgear R6400
Netgear R6400V2
Netgear R7100Lg
Netgear R7300Dst
Netgear R7900
Netgear R8300
Netgear R8500