6.9
CVE-2020-35840
- EPSS 0.34%
- Published 30.12.2020 00:15:16
- Last modified 21.11.2024 05:28:16
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.
Data is provided by the National Vulnerability Database (NVD)
Netgear ≫ D6200 Firmware Version < 1.1.00.38
Netgear ≫ D7000 Firmware Version < 1.0.1.78
Netgear ≫ Jnr1010v2 Firmware Version < 1.1.0.62
Netgear ≫ Jr6150 Firmware Version < 1.0.1.24
Netgear ≫ Jwnr2010v5 Firmware Version < 1.1.0.62
Netgear ≫ R6020 Firmware Version < 1.0.0.42
Netgear ≫ R6050 Firmware Version < 1.0.1.24
Netgear ≫ R6080 Firmware Version < 1.0.0.42
Netgear ≫ R6120 Firmware Version < 1.0.0.66
Netgear ≫ R6220 Firmware Version < 1.1.0.100
Netgear ≫ R6260 Firmware Version < 1.1.0.76
Netgear ≫ Wnr1000v4 Firmware Version < 1.1.0.62
Netgear ≫ Wnr2020 Firmware Version < 1.1.0.62
Netgear ≫ Wnr2050 Firmware Version < 1.1.0.62
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.539 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
| cve@mitre.org | 6.9 | 1.7 | 4.7 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.