| Vulnerability Name: | CVE-2020-11772 (CCN-180353) | ||||||||||||
| Assigned: | 2020-03-02 | ||||||||||||
| Published: | 2020-03-02 | ||||||||||||
| Updated: | 2020-04-16 | ||||||||||||
| Summary: | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||||||||||
| CVSS v3 Severity: | 4.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N) 4.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-11772 Source: XF Type: UNKNOWN netgear-cve202011772-xss(180353) Source: CCN Type: NETGEAR Security Advisory: PSV-2018-0520 Security Advisory for Stored Cross Site Scripting on Some Routers and Gateways Source: CONFIRM Type: Vendor Advisory https://kb.netgear.com/000061758/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2018-0520 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration 5: Configuration 6: Configuration 7: Configuration 8: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||