CVE-2020-35810 : What You Need to Know
Learn about CVE-2020-35810, a stored XSS vulnerability impacting various NETGEAR router models. Find out the affected systems, exploitation risks, and mitigation steps.
Certain NETGEAR devices are affected by stored XSS vulnerability, impacting various router models.
Understanding CVE-2020-35810
What is CVE-2020-35810?
Stored XSS vulnerability affecting multiple NETGEAR router models.
The Impact of CVE-2020-35810
The vulnerability allows attackers to execute malicious scripts on affected devices, compromising confidentiality and integrity.
Technical Details of CVE-2020-35810
Vulnerability Description
Stored XSS vulnerability in NETGEAR routers.
Affected Systems and Versions
- D7800 before 1.0.1.56
- R7500v2 before 1.0.3.46
- R7800 before 1.0.2.74
- R8900 before 1.0.4.28
- R9000 before 1.0.4.28
- RAX120 before 1.0.0.78
- RBK40, RBR40, RBS40 before 2.3.5.30
- RBK20, RBR20, RBS20 before 2.3.5.26
- RBK50, RBR50, RBS50 before 2.3.5.30
- XR500 before 2.3.2.56
- XR700 before 1.0.1.10
Exploitation Mechanism
Attackers with high privileges can inject and execute malicious scripts on vulnerable devices.
Mitigation and Prevention
Immediate Steps to Take
- Update affected devices to the latest firmware versions.
- Monitor network traffic for any suspicious activities.
- Restrict access to the router's administration interface.
Long-Term Security Practices
- Regularly update router firmware to patch known vulnerabilities.
- Implement strong password policies and enable firewall settings.
Patching and Updates
Apply security patches provided by NETGEAR to address the stored XSS vulnerability.