CVE-2019-20750
https://notcve.org/view.php?id=CVE-2019-20750
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66. Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo XSS almacenado. Esto afecta a D7800 versiones anteriores a 1.0.1.47, EX6150v2 versiones anteriores a 1.0.1.76, R7500v2 versiones anteriores a 1.0.3.38, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0.4.12, R9000 versiones anteriores a 1.0.4.12, WN2000RPTv3 versiones anteriores a 1.0.1.32, WN3000RPv3 versiones anteriores a 1.0.2.70, y WN3100RPv2 versiones anteriores a 1.0.0.66. • https://kb.netgear.com/000060966/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-Gateways-and-Routers-PSV-2018-0173 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-20749
https://notcve.org/view.php?id=CVE-2019-20749
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66. Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo XSS almacenado. Esto afecta a D7800 versiones anteriores a 1.0.1.47, EX6100v2 versiones anteriores a 1.0.1.76, EX6150v2 versiones anteriores a 1.0.1.76, R7500v2 versiones anteriores a 1.0.3.38, R7800 versiones anteriores a 1.0.2. 52, R8900 versiones anteriores a 1.0.4.12, R9000 versiones anteriores a 1.0.4.12, WN2000RPTv3 versiones anteriores a 1.0.1.32, WN3000RPv3 versiones anteriores a 1.0.2.70, y WN3100RPv2 versiones anteriores a 1.0.0.66. • https://kb.netgear.com/000060965/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Gateways-Extenders-and-Routers-PSV-2018-0172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-20746
https://notcve.org/view.php?id=CVE-2019-20746
Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. Determinados dispositivos NETGEAR están afectados por una vulnerabilidad de tipo XSS reflejado. Esto afecta a D3600 versiones anteriores a 1.0.0.75, D6000 versiones anteriores a 1.0.0.75, D7800 versiones anteriores a 1.0.1.44, DM200 versiones anteriores a 1.0.0.58, R7800 versiones anteriores a 1.0.2. 58, R8900 versiones anteriores a 1.0.4.12, R9000 versiones anteriores a 1.0.4.8, RBK20 versiones anteriores a 2.3.0.28, RBR20 versiones anteriores a 2.3.0.28, RBS20 versiones anteriores a 2.3.0.28, RBK40 versiones anteriores a 2.3.0. 28, RBS40 versiones anteriores a 2.3.0.28, RBK50 versiones anteriores a 2.3.0.32, RBR50 versiones anteriores a 2.3.0.32, RBS50 versiones anteriores a 2.3.0.32, WN3000RPv2 versiones anteriores a 1.0.0.68, WN3000RPv3 versiones anteriores a 1. 0.2.70, WN3100RPv2 versiones anteriores a 1.0.0.60, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, y WNR2000v5 versiones anteriores a 1.0.0.68. • https://kb.netgear.com/000060973/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-20738
https://notcve.org/view.php?id=CVE-2019-20738
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 before 1.2.0.14, R6900v2 before 1.2.0.14, R7500v2 before 1.0.3.26, R7800 before 1.0.2.46, R9000 before 1.0.4.2, WN3000RPv2 before 1.0.0.52, WN3000RPv3 before 1.0.2.78, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.50, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.50, and WNR2050 before 1.1.0.50. NOTE: this may be a result of an incomplete fix for CVE-2017-18866. Ciertos dispositivos NETGEAR se ven afectados por XSS almacenado. Esto afecta a D6100 antes de 1.0.0.58, D7800 antes de 1.0.1.34, JNR1010v2 antes de 1.1.0.50, JWNR2010v5 antes de 1.1.0.50, RBK50 antes de 2.3.5.30, RBR50 antes de 2.3.5.30, RBS50 antes de 2.3.5.30, R6020 antes de 1.0.0.30, R6080 antes de 1.0.0.30, R6100 antes de 1.0.1.16, R6120 antes de 1.0.0.40, R6700v2 antes de 1.2.0.14, R6800 antes de 1.2.0.14, R6900v2 antes de 1.2.0.14, R7500v2 antes de 1.0.3.26, R7800 antes de 1.0.2.46, R9000 antes 1.0.4.2, WN3000RPv2 antes de 1.0.0.52, WN3000RPv3 antes de 1.0.2.78, WNDR3700v4 antes de 1.0.2.102, WNDR3700v5 antes de 1.1.0.54, WNDR4300v1 antes de 1.0.2.104, WNDR4300v2 antes de 1.0.0.48, WNDR4500v3 antes de 1.0.0.48, WNDR4500v3 antes de 1.0.0.48 0.50, WNR2000v5 antes de 1.0.0.64, WNR2020 antes de 1.1.0.50 y WNR2050 antes de 1.1.0.50. • https://kb.netgear.com/000061187/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-System-PSV-2016-0100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-20723
https://notcve.org/view.php?id=CVE-2019-20723
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, DM200 before 1.0.0.58, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a D3600 versiones anteriores a 1.0.0.75, D6000 versiones anteriores a 1.0.0.75, D6100 versiones anteriores a 1.0.0.63, DM200 versiones anteriores a 1.0.0.58, EX2700 versiones anteriores a 1.0.1.48, EX6100v2 versiones anteriores a 1. 0,1,76, EX6150v2 versiones anteriores a 1.0.1.76, EX6200v2 versiones anteriores a 1.0.1.72, EX6400 versiones anteriores a 1.0.2.136, EX7300 versiones anteriores a 1.0.2.136, EX8000 versiones anteriores a 1.0.1. 180, R7800 versiones anteriores a 1.0.2.52, R8900 versiones anteriores a 1.0.4.2, R9000 versiones anteriores a 1.0.4.2, WN2000RPTv3 versiones anteriores a 1.0.1.32, WN3000RPv2 versiones anteriores a 1.0.0.68, WN3000RPv3 versiones anteriores a 1. 0.2.70, WN3100RPv2 versiones anteriores a 1.0.0.60, WNDR4300v2 versiones anteriores a 1.0.0.58, WNDR4500v3 versiones anteriores a 1.0.0.58, WNR2000v5 versiones anteriores a 1.0.0.68, y XR500 versiones anteriores a 2.3.2.32. • https://kb.netgear.com/000061205/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0146 • CWE-787: Out-of-bounds Write •