CVE-2019-20756

Published: Apr 16, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Certain NETGEAR devices are affected by reflected XSS. This affects EX7000 before 1.0.0.64, EX6200 before 1.0.3.86, EX6150 before 1.0.0.38, EX6130 before 1.0.0.22, EX6120 before 1.0.0.40, EX6100 before 1.0.2.22, EX6000 before 1.0.0.30, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, R8300 before 1.0.2.94, R7300DST before 1.0.0.62, R7000P before 1.3.0.20, R6900P before 1.3.0.20, R6400 before 1.0.1.32, R6300v2 before 1.0.4.24, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.18, and WN2500RPv2 before 1.0.1.52.

Affected (18)

Products: Netgear: Ex7000 Firmware, Ex6200 Firmware, Ex6150 Firmware, Ex6130 Firmware, Ex6120 Firmware, Ex6100 Firmware, Ex6000 Firmware, Ex3700 Firmware, Ex3800 Firmware, R8300 Firmware, R7300dst Firmware, R7000p Firmware, R6900p Firmware, R6400 Firmware, R6300 Firmware, R8500 Firmware, Wndr3400 Firmware, Wn2500rp Firmware

18 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex7000 Firmware	Before 1.0.0.64

Running on/with	Platform Versions
Netgear Ex7000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6200 Firmware	Before 1.0.3.86

Running on/with	Platform Versions
Netgear Ex6200	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6150 Firmware	Before 1.0.0.38

Running on/with	Platform Versions
Netgear Ex6150	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6130 Firmware	Before 1.0.0.22

Running on/with	Platform Versions
Netgear Ex6130	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6120 Firmware	Before 1.0.0.40

Running on/with	Platform Versions
Netgear Ex6120	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6100 Firmware	Before 1.0.2.22

Running on/with	Platform Versions
Netgear Ex6100	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex6000 Firmware	Before 1.0.0.30

Running on/with	Platform Versions
Netgear Ex6000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex3700 Firmware	Before 1.0.0.70

Running on/with	Platform Versions
Netgear Ex3700	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Ex3800 Firmware	Before 1.0.0.70

Running on/with	Platform Versions
Netgear Ex3800	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8300 Firmware	Before 1.0.2.94

Running on/with	Platform Versions
Netgear R8300	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7300dst Firmware	Before 1.0.0.62

Running on/with	Platform Versions
Netgear R7300dst	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R7000p Firmware	Before 1.3.0.20

Running on/with	Platform Versions
Netgear R7000p	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6900p Firmware	Before 1.3.0.20

Running on/with	Platform Versions
Netgear R6900p	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6400 Firmware	Before 1.0.1.32

Running on/with	Platform Versions
Netgear R6400	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R6300 Firmware	Before 1.0.4.24

Running on/with	Platform Versions
Netgear R6300	Version v2

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear R8500 Firmware	Before 1.0.2.94

Running on/with	Platform Versions
Netgear R8500	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wndr3400 Firmware	Before 1.0.1.18

Running on/with	Platform Versions
Netgear Wndr3400	Version v3

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Wn2500rp Firmware	Before 1.0.1.52

Running on/with	Platform Versions
Netgear Wn2500rp	Version v2

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://kb.netgear.com/000060643/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-0709

Source: cve@mitre.org

Vendor Advisory

https://kb.netgear.com/000060643/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-and-Extenders-PSV-2017-0709

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.