CVE-2019-20486: XSS
First published: Mon Mar 02 2020(Updated: )
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear Wnr1000 Firmware | =1.1.0.54 | |
| Netgear WNR1000 | =4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-20486.
What devices are affected by this vulnerability?
NETGEAR WNR1000V4 1.1.0.54 devices are affected by this vulnerability.
What is the severity rating of CVE-2019-20486?
The severity rating of CVE-2019-20486 is medium.
What is the CWE category of this vulnerability?
The CWE category of this vulnerability is CWE-79.
How can I mitigate the vulnerability?
To mitigate the vulnerability, update your NETGEAR WNR1000V4 device to a version that addresses this issue and avoid visiting suspicious or untrusted websites.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- vendor/netgear
- canonical/netgear wnr1000 firmware
- version/netgear wnr1000 firmware/1.1.0.54
- canonical/netgear wnr1000
- version/netgear wnr1000/4