CVE-2020-35842

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.

Published: Dec 30, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-35842
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
netgear / d6200_firmware	-	1.1.00.38
netgear / d7000_firmware	-	1.0.1.78
netgear / jnr1010v2_firmware	-	1.1.0.62
netgear / jr6150_firmware	-	1.0.1.24
netgear / jwnr2010v5_firmware	-	1.1.0.62
netgear / r6020_firmware	-	1.0.0.42
netgear / r6050_firmware	-	1.0.1.24
netgear / r6080_firmware	-	1.0.0.42
netgear / r6120_firmware	-	1.0.0.66
netgear / r6220_firmware	-	1.1.0.100
netgear / r6260_firmware	-	1.1.0.76
netgear / wnr1000v4_firmware	-	1.1.0.62
netgear / wnr2020_firmware	-	1.1.0.62
netgear / wnr2050_firmware	-	1.1.0.62

https://kb.netgear.com/000062713/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0015

Vulnerability Database

289,697

CVE-2020-35842