CVE-2020-35818 : Security Advisory and Response
Learn about CVE-2020-35818 affecting certain NETGEAR devices with stored XSS. Find impacted systems, exploitation details, and mitigation steps.
Certain NETGEAR devices are affected by stored XSS vulnerability.
Understanding CVE-2020-35818
What is CVE-2020-35818?
Certain NETGEAR devices are vulnerable to stored XSS, impacting various models before specific firmware versions.
The Impact of CVE-2020-35818
The vulnerability has a CVSS base score of 6.1, with high confidentiality and integrity impacts.
Technical Details of CVE-2020-35818
Vulnerability Description
Stored XSS vulnerability affecting NETGEAR devices.
Affected Systems and Versions
- D7800 before 1.0.1.56
- R7500v2 before 1.0.3.46
- R7800 before 1.0.2.74
- R8900 before 1.0.4.28
- R9000 before 1.0.4.28
- RAX120 before 1.0.0.78
- RBR20 before 2.3.5.26
- RBS20 before 2.3.5.26
- RBK40 before 2.3.5.30
- RBR40 before 2.3.5.30
- RBS40 before 2.3.5.30
- RBK50 before 2.3.5.30
- RBR50 before 2.3.5.30
- RBS50 before 2.3.5.30
- XR500 before 2.3.2.56
- XR700 before 1.0.1.10
Exploitation Mechanism
The vulnerability can be exploited by an attacker with high privileges, leading to stored XSS attacks.
Mitigation and Prevention
Immediate Steps to Take
- Update affected devices to the latest firmware versions.
- Monitor for any unusual activities on the network.
Long-Term Security Practices
- Regularly update firmware and security patches.
- Implement network segmentation to limit the impact of potential attacks.
- Educate users on safe browsing practices and avoiding suspicious links.
Patching and Updates
Apply patches provided by NETGEAR to address the stored XSS vulnerability.