Which NETGEAR devices are affected by stored XSS vulnerability CVE-2019-20720?

The NETGEAR devices affected by stored XSS vulnerability CVE-2019-20720 are D3600, D6000, D7800, R7500v2, R7800, R8900, R9000, WN2000RPTv3, WN3000RPv3, and WN3100RPv2.

What is the severity of vulnerability CVE-2019-20720?

The severity of vulnerability CVE-2019-20720 is medium with a score of 4.8 out of 10.

How can I fix vulnerability CVE-2019-20720?

To fix vulnerability CVE-2019-20720, update the firmware of the affected NETGEAR device to version 1.0.0.76 (for D3600 and D6000), version 1.0.1.47 (for D7800), version 1.0.3.38 (for R7500v2), version 1.0.2.52 (for R7800), version 1.0.4.12 (for R8900 and R9000), version 1.0.1.32 (for WN2000RPTv3), version 1.0.2.70 (for WN3000RPv3), or version 1.0.0.66 (for WN3100RPv2).

What is the Common Weakness Enumeration (CWE) ID for vulnerability CVE-2019-20720?

The Common Weakness Enumeration (CWE) ID for vulnerability CVE-2019-20720 is 79.

Where can I find more information about vulnerability CVE-2019-20720?

You can find more information about vulnerability CVE-2019-20720 in the NETGEAR Security Advisory PSV-2018-0174.

Vulnerability/
CVE-2019-20720

medium

4.8

CWE

16/4/2020

22/4/2020

CVE-2019-20720: XSS

First published: Thu Apr 16 2020(Updated: )

Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D7800 before 1.0.1.47, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Netgear D3600 Firmware	<1.0.0.76
NETGEAR D3600
Netgear D6000 Firmware	<1.0.0.76
Netgear D6000
Netgear D7800 Firmware	<1.0.1.47
Netgear D7800
NETGEAR R7800 firmware	<1.0.2.52
NETGEAR R7800
Netgear R8900 Firmware	<1.0.4.12
NETGEAR R8900
Netgear R9000 Firmware	<1.0.4.12
NETGEAR R9000
Netgear R7500 Firmware	<1.0.3.38
Netgear R7500	=v2
Netgear Wn2000rpt Firmware	<1.0.1.32
Netgear Wn2000rpt	=v3
Netgear Wn3000rp Firmware	<1.0.2.70
Netgear Wn3000rp	=v3
Netgear Wn3100rp Firmware	<1.0.0.66
Netgear Wn3100rp	=v2

Never miss a vulnerability like this again

Reference Links

https://kb.netgear.com/000061208/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2018-0174

Frequently Asked Questions

Which NETGEAR devices are affected by stored XSS vulnerability CVE-2019-20720?
The NETGEAR devices affected by stored XSS vulnerability CVE-2019-20720 are D3600, D6000, D7800, R7500v2, R7800, R8900, R9000, WN2000RPTv3, WN3000RPv3, and WN3100RPv2.
What is the severity of vulnerability CVE-2019-20720?
The severity of vulnerability CVE-2019-20720 is medium with a score of 4.8 out of 10.
How can I fix vulnerability CVE-2019-20720?
To fix vulnerability CVE-2019-20720, update the firmware of the affected NETGEAR device to version 1.0.0.76 (for D3600 and D6000), version 1.0.1.47 (for D7800), version 1.0.3.38 (for R7500v2), version 1.0.2.52 (for R7800), version 1.0.4.12 (for R8900 and R9000), version 1.0.1.32 (for WN2000RPTv3), version 1.0.2.70 (for WN3000RPv3), or version 1.0.0.66 (for WN3100RPv2).
What is the Common Weakness Enumeration (CWE) ID for vulnerability CVE-2019-20720?
The Common Weakness Enumeration (CWE) ID for vulnerability CVE-2019-20720 is 79.
Where can I find more information about vulnerability CVE-2019-20720?
You can find more information about vulnerability CVE-2019-20720 in the NETGEAR Security Advisory PSV-2018-0174.