CVE-2019-20738
Severity Score
5.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 before 1.2.0.14, R6900v2 before 1.2.0.14, R7500v2 before 1.0.3.26, R7800 before 1.0.2.46, R9000 before 1.0.4.2, WN3000RPv2 before 1.0.0.52, WN3000RPv3 before 1.0.2.78, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.50, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.50, and WNR2050 before 1.1.0.50. NOTE: this may be a result of an incomplete fix for CVE-2017-18866.
Ciertos dispositivos NETGEAR se ven afectados por XSS almacenado. Esto afecta a D6100 antes de 1.0.0.58, D7800 antes de 1.0.1.34, JNR1010v2 antes de 1.1.0.50, JWNR2010v5 antes de 1.1.0.50, RBK50 antes de 2.3.5.30, RBR50 antes de 2.3.5.30, RBS50 antes de 2.3.5.30, R6020 antes de 1.0.0.30, R6080 antes de 1.0.0.30, R6100 antes de 1.0.1.16, R6120 antes de 1.0.0.40, R6700v2 antes de 1.2.0.14, R6800 antes de 1.2.0.14, R6900v2 antes de 1.2.0.14, R7500v2 antes de 1.0.3.26, R7800 antes de 1.0.2.46, R9000 antes 1.0.4.2, WN3000RPv2 antes de 1.0.0.52, WN3000RPv3 antes de 1.0.2.78, WNDR3700v4 antes de 1.0.2.102, WNDR3700v5 antes de 1.1.0.54, WNDR4300v1 antes de 1.0.2.104, WNDR4300v2 antes de 1.0.0.48, WNDR4500v3 antes de 1.0.0.48, WNDR4500v3 antes de 1.0.0.48 0.50, WNR2000v5 antes de 1.0.0.64, WNR2020 antes de 1.1.0.50 y WNR2050 antes de 1.1.0.50. NOTA: esto puede ser el resultado de una soluciĆ³n incompleta para CVE-2017-18866.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-04-15 CVE Reserved
- 2020-04-16 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netgear Search vendor "Netgear" | D6100 Firmware Search vendor "Netgear" for product "D6100 Firmware" | < 1.0.0.58 Search vendor "Netgear" for product "D6100 Firmware" and version " < 1.0.0.58" | - |
Affected
| in | Netgear Search vendor "Netgear" | D6100 Search vendor "Netgear" for product "D6100" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | D7800 Firmware Search vendor "Netgear" for product "D7800 Firmware" | < 1.0.1.34 Search vendor "Netgear" for product "D7800 Firmware" and version " < 1.0.1.34" | - |
Affected
| in | Netgear Search vendor "Netgear" | D7800 Search vendor "Netgear" for product "D7800" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Jnr1010 Firmware Search vendor "Netgear" for product "Jnr1010 Firmware" | < 1.1.0.50 Search vendor "Netgear" for product "Jnr1010 Firmware" and version " < 1.1.0.50" | - |
Affected
| in | Netgear Search vendor "Netgear" | Jnr1010 Search vendor "Netgear" for product "Jnr1010" | v2 Search vendor "Netgear" for product "Jnr1010" and version "v2" | - |
Safe
|
| Netgear Search vendor "Netgear" | Jwnr2010 Firmware Search vendor "Netgear" for product "Jwnr2010 Firmware" | < 1.1.0.50 Search vendor "Netgear" for product "Jwnr2010 Firmware" and version " < 1.1.0.50" | - |
Affected
| in | Netgear Search vendor "Netgear" | Jwnr2010 Search vendor "Netgear" for product "Jwnr2010" | v5 Search vendor "Netgear" for product "Jwnr2010" and version "v5" | - |
Safe
|
| Netgear Search vendor "Netgear" | Rbk50 Firmware Search vendor "Netgear" for product "Rbk50 Firmware" | < 2.3.5.30 Search vendor "Netgear" for product "Rbk50 Firmware" and version " < 2.3.5.30" | - |
Affected
| in | Netgear Search vendor "Netgear" | Rbk50 Search vendor "Netgear" for product "Rbk50" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Rbr50 Firmware Search vendor "Netgear" for product "Rbr50 Firmware" | < 2.3.5.30 Search vendor "Netgear" for product "Rbr50 Firmware" and version " < 2.3.5.30" | - |
Affected
| in | Netgear Search vendor "Netgear" | Rbr50 Search vendor "Netgear" for product "Rbr50" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Rbs50 Firmware Search vendor "Netgear" for product "Rbs50 Firmware" | < 2.3.5.30 Search vendor "Netgear" for product "Rbs50 Firmware" and version " < 2.3.5.30" | - |
Affected
| in | Netgear Search vendor "Netgear" | Rbs50 Search vendor "Netgear" for product "Rbs50" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R6020 Firmware Search vendor "Netgear" for product "R6020 Firmware" | < 1.0.0.30 Search vendor "Netgear" for product "R6020 Firmware" and version " < 1.0.0.30" | - |
Affected
| in | Netgear Search vendor "Netgear" | R6020 Search vendor "Netgear" for product "R6020" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R6080 Firmware Search vendor "Netgear" for product "R6080 Firmware" | < 1.0.0.30 Search vendor "Netgear" for product "R6080 Firmware" and version " < 1.0.0.30" | - |
Affected
| in | Netgear Search vendor "Netgear" | R6080 Search vendor "Netgear" for product "R6080" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R6100 Firmware Search vendor "Netgear" for product "R6100 Firmware" | < 1.0.1.16 Search vendor "Netgear" for product "R6100 Firmware" and version " < 1.0.1.16" | - |
Affected
| in | Netgear Search vendor "Netgear" | R6100 Search vendor "Netgear" for product "R6100" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R6120 Firmware Search vendor "Netgear" for product "R6120 Firmware" | < 1.0.0.40 Search vendor "Netgear" for product "R6120 Firmware" and version " < 1.0.0.40" | - |
Affected
| in | Netgear Search vendor "Netgear" | R6120 Search vendor "Netgear" for product "R6120" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R6700 Firmware Search vendor "Netgear" for product "R6700 Firmware" | < 1.2.0.14 Search vendor "Netgear" for product "R6700 Firmware" and version " < 1.2.0.14" | - |
Affected
| in | Netgear Search vendor "Netgear" | R6700 Search vendor "Netgear" for product "R6700" | v2 Search vendor "Netgear" for product "R6700" and version "v2" | - |
Safe
|
| Netgear Search vendor "Netgear" | R6800 Firmware Search vendor "Netgear" for product "R6800 Firmware" | < 1.2.0.14 Search vendor "Netgear" for product "R6800 Firmware" and version " < 1.2.0.14" | - |
Affected
| in | Netgear Search vendor "Netgear" | R6800 Search vendor "Netgear" for product "R6800" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R6900 Firmware Search vendor "Netgear" for product "R6900 Firmware" | < 1.2.0.14 Search vendor "Netgear" for product "R6900 Firmware" and version " < 1.2.0.14" | - |
Affected
| in | Netgear Search vendor "Netgear" | R6900 Search vendor "Netgear" for product "R6900" | v2 Search vendor "Netgear" for product "R6900" and version "v2" | - |
Safe
|
| Netgear Search vendor "Netgear" | R7500 Firmware Search vendor "Netgear" for product "R7500 Firmware" | < 1.0.3.26 Search vendor "Netgear" for product "R7500 Firmware" and version " < 1.0.3.26" | - |
Affected
| in | Netgear Search vendor "Netgear" | R7500 Search vendor "Netgear" for product "R7500" | v2 Search vendor "Netgear" for product "R7500" and version "v2" | - |
Safe
|
| Netgear Search vendor "Netgear" | R7800 Firmware Search vendor "Netgear" for product "R7800 Firmware" | < 1.0.2.46 Search vendor "Netgear" for product "R7800 Firmware" and version " < 1.0.2.46" | - |
Affected
| in | Netgear Search vendor "Netgear" | R7800 Search vendor "Netgear" for product "R7800" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R9000 Firmware Search vendor "Netgear" for product "R9000 Firmware" | < 1.0.4.2 Search vendor "Netgear" for product "R9000 Firmware" and version " < 1.0.4.2" | - |
Affected
| in | Netgear Search vendor "Netgear" | R9000 Search vendor "Netgear" for product "R9000" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Wn3000rp Firmware Search vendor "Netgear" for product "Wn3000rp Firmware" | < 1.0.0.52 Search vendor "Netgear" for product "Wn3000rp Firmware" and version " < 1.0.0.52" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wn3000rp Search vendor "Netgear" for product "Wn3000rp" | v2 Search vendor "Netgear" for product "Wn3000rp" and version "v2" | - |
Safe
|
| Netgear Search vendor "Netgear" | Wn3000rp Firmware Search vendor "Netgear" for product "Wn3000rp Firmware" | < 1.0.2.78 Search vendor "Netgear" for product "Wn3000rp Firmware" and version " < 1.0.2.78" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wn3000rp Search vendor "Netgear" for product "Wn3000rp" | v3 Search vendor "Netgear" for product "Wn3000rp" and version "v3" | - |
Safe
|
| Netgear Search vendor "Netgear" | Wndr3700 Firmware Search vendor "Netgear" for product "Wndr3700 Firmware" | < 1.0.2.102 Search vendor "Netgear" for product "Wndr3700 Firmware" and version " < 1.0.2.102" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wndr3700 Search vendor "Netgear" for product "Wndr3700" | v4 Search vendor "Netgear" for product "Wndr3700" and version "v4" | - |
Safe
|
| Netgear Search vendor "Netgear" | Wndr3700 Firmware Search vendor "Netgear" for product "Wndr3700 Firmware" | < 1.1.0.54 Search vendor "Netgear" for product "Wndr3700 Firmware" and version " < 1.1.0.54" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wndr3700 Search vendor "Netgear" for product "Wndr3700" | v5 Search vendor "Netgear" for product "Wndr3700" and version "v5" | - |
Safe
|
| Netgear Search vendor "Netgear" | Wndr4300 Firmware Search vendor "Netgear" for product "Wndr4300 Firmware" | < 1.0.2.104 Search vendor "Netgear" for product "Wndr4300 Firmware" and version " < 1.0.2.104" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wndr4300 Search vendor "Netgear" for product "Wndr4300" | v1 Search vendor "Netgear" for product "Wndr4300" and version "v1" | - |
Safe
|
| Netgear Search vendor "Netgear" | Wndr4300 Firmware Search vendor "Netgear" for product "Wndr4300 Firmware" | < 1.0.0.48 Search vendor "Netgear" for product "Wndr4300 Firmware" and version " < 1.0.0.48" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wndr4300 Search vendor "Netgear" for product "Wndr4300" | v2 Search vendor "Netgear" for product "Wndr4300" and version "v2" | - |
Safe
|
| Netgear Search vendor "Netgear" | Wndr4500 Firmware Search vendor "Netgear" for product "Wndr4500 Firmware" | < 1.0.0.48 Search vendor "Netgear" for product "Wndr4500 Firmware" and version " < 1.0.0.48" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wndr4500 Search vendor "Netgear" for product "Wndr4500" | v3 Search vendor "Netgear" for product "Wndr4500" and version "v3" | - |
Safe
|
| Netgear Search vendor "Netgear" | Wnr1000 Firmware Search vendor "Netgear" for product "Wnr1000 Firmware" | < 1.1.0.50 Search vendor "Netgear" for product "Wnr1000 Firmware" and version " < 1.1.0.50" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr1000 Search vendor "Netgear" for product "Wnr1000" | v4 Search vendor "Netgear" for product "Wnr1000" and version "v4" | - |
Safe
|
| Netgear Search vendor "Netgear" | Wnr2000 Firmware Search vendor "Netgear" for product "Wnr2000 Firmware" | < 1.0.0.64 Search vendor "Netgear" for product "Wnr2000 Firmware" and version " < 1.0.0.64" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr2000 Search vendor "Netgear" for product "Wnr2000" | v5 Search vendor "Netgear" for product "Wnr2000" and version "v5" | - |
Safe
|
| Netgear Search vendor "Netgear" | Wnr2020 Firmware Search vendor "Netgear" for product "Wnr2020 Firmware" | < 1.1.0.50 Search vendor "Netgear" for product "Wnr2020 Firmware" and version " < 1.1.0.50" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr2020 Search vendor "Netgear" for product "Wnr2020" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Wnr2050 Firmware Search vendor "Netgear" for product "Wnr2050 Firmware" | < 1.1.0.50 Search vendor "Netgear" for product "Wnr2050 Firmware" and version " < 1.1.0.50" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr2050 Search vendor "Netgear" for product "Wnr2050" | - | - |
Safe
|