First published: Wed Apr 15 2020(Updated: )
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
NETGEAR RBR50 firmware | <2.3.5.30 | |
NETGEAR RBR50 firmware | ||
NETGEAR RBS50 Firmware | <2.3.5.30 | |
NETGEAR RBS50 Firmware | ||
NETGEAR RBK50 firmware | <2.3.5.30 | |
NETGEAR Orbi RBK50 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-20670 is considered a moderate vulnerability due to the potential for stored cross-site scripting attacks.
CVE-2019-20670 affects NETGEAR RBR50, RBS50, and RBK50 devices running firmware versions prior to 2.3.5.30.
To fix CVE-2019-20670, users should upgrade their NETGEAR devices to firmware version 2.3.5.30 or later.
CVE-2019-20670 is a stored cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages.
Yes, CVE-2019-20670 can potentially allow attackers to access sensitive user data through exploiting the XSS vulnerability.