← Back

CVE-2020-35840

nvd nist
Published: Dec 30, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.

Affected (14)

Netgear
14 products
D6200 Firmware
D7000 Firmware
Jnr1010v2 Firmware
Jr6150 Firmware
Jwnr2010v5 Firmware
R6020 Firmware
R6050 Firmware
R6080 Firmware
R6120 Firmware
R6220 Firmware
R6260 Firmware
Wnr1000v4 Firmware
Wnr2020 Firmware
Wnr2050 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D6200 Firmware
Before 1.1.00.38
Running on/withPlatform Versions
Netgear
D6200
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
D7000 Firmware
Before 1.0.1.78
Running on/withPlatform Versions
Netgear
D7000
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jnr1010v2 Firmware
Before 1.1.0.62
Running on/withPlatform Versions
Netgear
Jnr1010v2
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jr6150 Firmware
Before 1.0.1.24
Running on/withPlatform Versions
Netgear
Jr6150
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jwnr2010v5 Firmware
Before 1.1.0.62
Running on/withPlatform Versions
Netgear
Jwnr2010v5
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6020 Firmware
Before 1.0.0.42
Running on/withPlatform Versions
Netgear
R6020
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6050 Firmware
Before 1.0.1.24
Running on/withPlatform Versions
Netgear
R6050
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6080 Firmware
Before 1.0.0.42
Running on/withPlatform Versions
Netgear
R6080
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6120 Firmware
Before 1.0.0.66
Running on/withPlatform Versions
Netgear
R6120
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6220 Firmware
Before 1.1.0.100
Running on/withPlatform Versions
Netgear
R6220
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
R6260 Firmware
Before 1.1.0.76
Running on/withPlatform Versions
Netgear
R6260
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wnr1000v4 Firmware
Before 1.1.0.62
Running on/withPlatform Versions
Netgear
Wnr1000v4
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wnr2020 Firmware
Before 1.1.0.62
Running on/withPlatform Versions
Netgear
Wnr2020
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wnr2050 Firmware
Before 1.1.0.62
Running on/withPlatform Versions
Netgear
Wnr2050
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.