PT-2020-8294 · NetGear · Netgear R8500+8

Fmast

Published

2020-04-23

Updated

2020-04-23

CVE-2017-18745

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: NETGEAR R6400 versions prior to 1.0.1.14 NETGEAR R6700 versions prior to 1.0.1.22 NETGEAR R6900 versions prior to 1.0.1.22 NETGEAR R7000 versions prior to 1.0.9.4 NETGEAR R7100LG versions prior to 1.0.0.32 NETGEAR R7300DST versions prior to 1.0.0.56 NETGEAR R7900 versions prior to 1.0.1.12 NETGEAR R8000 versions prior to 1.0.3.24 NETGEAR R8500 versions prior to 1.0.2.74

Description: The issue is related to stored XSS, affecting certain NETGEAR devices.

Recommendations: For NETGEAR R6400 version prior to 1.0.1.14, update to version 1.0.1.14 or later. For NETGEAR R6700 version prior to 1.0.1.22, update to version 1.0.1.22 or later. For NETGEAR R6900 version prior to 1.0.1.22, update to version 1.0.1.22 or later. For NETGEAR R7000 version prior to 1.0.9.4, update to version 1.0.9.4 or later. For NETGEAR R7100LG version prior to 1.0.0.32, update to version 1.0.0.32 or later. For NETGEAR R7300DST version prior to 1.0.0.56, update to version 1.0.0.56 or later. For NETGEAR R7900 version prior to 1.0.1.12, update to version 1.0.1.12 or later. For NETGEAR R8000 version prior to 1.0.3.24, update to version 1.0.3.24 or later. For NETGEAR R8500 version prior to 1.0.2.74, update to version 1.0.2.74 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-18745

Affected Products

Netgear R6400

Netgear R6700

Netgear R6900P

Netgear R7000

Netgear R7100Lg

Netgear R7300Dst

Netgear R7900

Netgear R8000

Netgear R8500

PT-2020-8294 · NetGear · Netgear R8500+8

CVE-2017-18745

Weakness Enumeration

Related Identifiers

Affected Products

References · 5