What is CVE-2020-35824?

CVE-2020-35824 is a vulnerability that affects certain NETGEAR devices and allows for stored cross-site scripting (XSS) attacks.

What is the severity of CVE-2020-35824?

The severity of CVE-2020-35824 is medium with a CVSSv3 score of 4.8.

How does CVE-2020-35824 work?

CVE-2020-35824 allows an attacker to inject malicious scripts into stored data on the affected NETGEAR devices, which can then be executed when accessed by other users.

How can I fix CVE-2020-35824?

To fix CVE-2020-35824, it is recommended to update the firmware of the affected NETGEAR devices to the patched versions provided by NETGEAR.

Vulnerability/
CVE-2020-35824

medium

6.1

CWE

29/12/2020

4/8/2024

CVE-2020-35824: XSS

Q: Which NETGEAR devices are affected by CVE-2020-35824?

The NETGEAR devices affected by CVE-2020-35824 include D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR500 before 2.3.2.56.

First published: Tue Dec 29 2020(Updated: )

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Netgear D7800 Firmware	<1.0.1.56
Netgear D7800
Netgear R7500v2 Firmware	<1.0.3.46
Netgear R7500v2
NETGEAR R7800 firmware	<1.0.2.74
NETGEAR R7800
Netgear R8900 Firmware	<1.0.4.28
NETGEAR R8900
Netgear R9000 Firmware	<1.0.4.28
NETGEAR R9000
Netgear Rax120 Firmware	<1.0.0.78
Netgear Rax120
Netgear Rbk50 Firmware	<2.3.5.30
Netgear Rbk50
Netgear Rbr50 Firmware	<2.3.5.30
Netgear Rbr50
Netgear Rbs50 Firmware	<2.3.5.30
Netgear Rbs50
Netgear Xr500 Firmware	<2.3.2.56
NETGEAR XR500
Netgear Xr700 Firmware	<1.0.1.10
Netgear Xr700

Never miss a vulnerability like this again

Reference Links

https://kb.netgear.com/000062673/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0501

Frequently Asked Questions

What is CVE-2020-35824?
CVE-2020-35824 is a vulnerability that affects certain NETGEAR devices and allows for stored cross-site scripting (XSS) attacks.
Which NETGEAR devices are affected by CVE-2020-35824?
The NETGEAR devices affected by CVE-2020-35824 include D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR500 before 2.3.2.56.
What is the severity of CVE-2020-35824?
The severity of CVE-2020-35824 is medium with a CVSSv3 score of 4.8.
How does CVE-2020-35824 work?
CVE-2020-35824 allows an attacker to inject malicious scripts into stored data on the affected NETGEAR devices, which can then be executed when accessed by other users.
How can I fix CVE-2020-35824?
To fix CVE-2020-35824, it is recommended to update the firmware of the affected NETGEAR devices to the patched versions provided by NETGEAR.

CVE-2020-35824: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-35824?

Which NETGEAR devices are affected by CVE-2020-35824?

What is the severity of CVE-2020-35824?

How does CVE-2020-35824 work?

How can I fix CVE-2020-35824?

Company

Resources

Contact