CVE-2020-35835 : What You Need to Know
Learn about CVE-2020-35835 affecting NETGEAR routers. Discover the impacted models, severity, and mitigation steps to secure your devices.
Certain NETGEAR devices are affected by stored XSS, impacting various router models.
Understanding CVE-2020-35835
What is CVE-2020-35835?
Stored Cross-Site Scripting (XSS) vulnerability affecting specific NETGEAR router models.
The Impact of CVE-2020-35835
This vulnerability has a CVSS base score of 6.1 (Medium severity) with high confidentiality and integrity impact.
Technical Details of CVE-2020-35835
Vulnerability Description
- Stored XSS vulnerability in NETGEAR devices
Affected Systems and Versions
- D7800 before 1.0.1.56
- R7500v2 before 1.0.3.46
- R7800 before 1.0.2.74
- R8900 before 1.0.4.28
- R9000 before 1.0.4.28
- RAX120 before 1.0.0.78
- XR500 before 2.3.2.56
- XR700 before 1.0.1.10
Exploitation Mechanism
- Attack Complexity: Low
- Attack Vector: Adjacent Network
- Privileges Required: High
- User Interaction: None
Mitigation and Prevention
Immediate Steps to Take
- Update affected devices to the latest firmware
- Disable remote management if not needed
- Regularly monitor for unusual activities
Long-Term Security Practices
- Implement strong password policies
- Conduct regular security audits
- Educate users on safe browsing habits
Patching and Updates
Regularly check for firmware updates from NETGEAR and apply them promptly.