CVE-2020-35806: XSS
First published: Tue Dec 29 2020(Updated: )
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NETGEAR D7800 | <1.0.1.56 | |
| NETGEAR D7800 Firmware | ||
| NETGEAR R7500v2 firmware | <1.0.3.46 | |
| NETGEAR Nighthawk R7500 | ||
| NETGEAR R7800 firmware | <1.0.2.68 | |
| NETGEAR R7800 | ||
| NETGEAR RAX120 firmware | <1.0.0.78 | |
| NETGEAR RAX120 firmware | ||
| NETGEAR RBK22 Satellite Firmware | <2.3.5.26 | |
| NETGEAR RBK22 firmware | ||
| NETGEAR RBR20 | <2.3.5.26 | |
| NETGEAR RBR20 | ||
| NETGEAR RBS20 firmware | <2.3.5.26 | |
| NETGEAR RBS20 firmware | ||
| NETGEAR RBK40 | <2.3.5.30 | |
| NETGEAR RBK40 firmware | ||
| NETGEAR CBR40 firmware | <2.3.5.30 | |
| NETGEAR RBR40 firmware | ||
| NETGEAR RBS40 firmware | <2.3.5.30 | |
| NETGEAR RBS40 firmware | ||
| NETGEAR RBK50 firmware | <2.3.5.30 | |
| NETGEAR RBK50 | ||
| NETGEAR RBR50 firmware | <2.3.5.30 | |
| NETGEAR RBR50 firmware | ||
| NETGEAR RBS50 firmware | <2.3.5.30 | |
| NETGEAR RBS50 | ||
| NETGEAR WN3000RPv2 firmware | <1.0.0.78 | |
| NETGEAR WN3000RPv2 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-35806.
Which NETGEAR devices are affected by this vulnerability?
This vulnerability affects certain NETGEAR devices including D7800, R7500v2, R7800, RAX120, RBK22, RBR20, RBS20, RBK40, RBR40, RBS40, RBK50, RBR50, RBS50, and WN3000rpv2.
What is the severity of CVE-2020-35806?
CVE-2020-35806 has a severity score of 4.8, which is considered medium.
How can I fix the vulnerability in my NETGEAR device?
To fix the vulnerability, you should update your NETGEAR device firmware to the latest version provided by NETGEAR.
Where can I find more information about CVE-2020-35806?
You can find more information about CVE-2020-35806 in the NETGEAR security advisory at the following link: [NETGEAR Security Advisory](https://kb.netgear.com/000062729/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2018-0539).
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netgear
- canonical/netgear d7800
- canonical/netgear d7800 firmware
- canonical/netgear r7500v2 firmware
- canonical/netgear nighthawk r7500
- canonical/netgear r7800 firmware
- canonical/netgear r7800
- canonical/netgear rax120 firmware
- canonical/netgear rbk22 satellite firmware
- canonical/netgear rbk22 firmware
- canonical/netgear rbr20
- canonical/netgear rbs20 firmware
- canonical/netgear rbk40
- canonical/netgear rbk40 firmware
- canonical/netgear cbr40 firmware
- canonical/netgear rbr40 firmware
- canonical/netgear rbs40 firmware
- canonical/netgear rbk50 firmware
- canonical/netgear rbk50
- canonical/netgear rbr50 firmware
- canonical/netgear rbs50 firmware
- canonical/netgear rbs50
- canonical/netgear wn3000rpv2 firmware