Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.63, DM200 before 1.0.0.61, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.68, and WNR2000v5 before 1.0.0.66.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
04 Jan 2021, 15:55
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://kb.netgear.com/000062708/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Range-Extenders-PSV-2018-0158 - Vendor Advisory | |
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 4.8 |
CPE | cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wn3000rpv2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:wn3000rpv2:-:*:*:*:*:*:*:* |
30 Dec 2020, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2020-12-30 00:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-35808
Mitre link : CVE-2020-35808
CVE.ORG link : CVE-2020-35808
JSON object : View
Products Affected
netgear
- wnr2000v5
- dm200
- r8900_firmware
- r7800_firmware
- r9000_firmware
- wn3000rpv2
- r8900
- dm200_firmware
- r7800
- wnr2000v5_firmware
- wn3000rpv2_firmware
- d6100_firmware
- r9000
- d6100
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')