CVE-2020-35813 : Security Advisory and Response
Learn about CVE-2020-35813 affecting certain NETGEAR devices with stored XSS vulnerability. Find out impacted systems, exploitation details, and mitigation steps.
Certain NETGEAR devices are affected by stored XSS vulnerability.
Understanding CVE-2020-35813
What is CVE-2020-35813?
Stored XSS vulnerability impacts various NETGEAR devices, potentially allowing attackers to execute malicious scripts.
The Impact of CVE-2020-35813
The vulnerability has a CVSS base score of 6.1, with high confidentiality and integrity impacts.
Technical Details of CVE-2020-35813
Vulnerability Description
- Stored XSS vulnerability affecting NETGEAR devices
Affected Systems and Versions
- D7800 before 1.0.1.56
- RBK50, RBR50, RBS50 before 2.3.5.30
- RBK40, RBR40, RBS40 before 2.3.5.30
- RBK20, RBR20, RBS20 before 2.3.5.26
- XR700 before 1.0.1.10
- R7500v2 before 1.0.3.46
- R7800 before 1.0.2.74
- R8900, R9000 before 1.0.4.28
- XR500 before 2.3.2.56
- RAX120 before 1.0.0.78
Exploitation Mechanism
- Attack complexity: Low
- Attack vector: Adjacent network
- Privileges required: High
Mitigation and Prevention
Immediate Steps to Take
- Update affected devices to the latest firmware
- Implement network segmentation to limit the impact of potential attacks
Long-Term Security Practices
- Regularly monitor for security advisories and updates from NETGEAR
- Conduct security assessments and penetration testing to identify vulnerabilities
Patching and Updates
- Apply patches provided by NETGEAR to address the stored XSS vulnerability