First published: Wed Apr 15 2020(Updated: )
Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Rbr20 Firmware | <2.3.5.26 | |
Netgear Rbr20 | ||
Netgear Rbs20 Firmware | <2.3.5.26 | |
Netgear Rbs20 | ||
Netgear Rbk20 Firmware | <2.3.5.26 | |
Netgear Rbk20 | ||
Netgear Rbr40 Firmware | <2.3.5.30 | |
Netgear Rbr40 | ||
Netgear Rbs40 Firmware | <2.3.5.30 | |
Netgear Rbs40 | ||
Netgear Rbk40 Firmware | <2.3.5.30 | |
Netgear Rbk40 | ||
Netgear Rbr50 Firmware | <2.3.5.30 | |
Netgear Rbr50 | ||
Netgear Rbs50 Firmware | <2.3.5.30 | |
Netgear Rbs50 | ||
Netgear Rbk50 Firmware | <2.3.5.30 | |
Netgear Rbk50 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-20669 is medium with a CVSS score of 4.8.
The following NETGEAR devices are affected by CVE-2019-20669: RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
Stored XSS is a type of cross-site scripting vulnerability where the malicious script is permanently stored on the target server and executed whenever the user visits the affected page.
Update your NETGEAR devices to the latest firmware versions: RBR20 2.3.5.26 or later, RBS20 2.3.5.26 or later, RBK20 2.3.5.26 or later, RBR40 2.3.5.30 or later, RBS40 2.3.5.30 or later, RBK40 2.3.5.30 or later, RBR50 2.3.5.30 or later, RBS50 2.3.5.30 or later, and RBK50 2.3.5.30 or later.
You can find more information about CVE-2019-20669 in the Netgear Security Advisory: https://kb.netgear.com/000061470/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0550