CVE-2020-35840 : What You Need to Know
Learn about CVE-2020-35840 affecting certain NETGEAR devices with stored XSS. Find impacted systems, exploitation details, and mitigation steps.
Certain NETGEAR devices are affected by stored XSS vulnerability.
Understanding CVE-2020-35840
What is CVE-2020-35840?
Certain NETGEAR devices are impacted by stored XSS, affecting various models before specific firmware versions.
The Impact of CVE-2020-35840
The vulnerability has a CVSS base score of 6.9, with low confidentiality impact but high integrity impact.
Technical Details of CVE-2020-35840
Vulnerability Description
Stored XSS vulnerability affecting multiple NETGEAR router models.
Affected Systems and Versions
- D6200 before 1.1.00.38
- D7000 before 1.0.1.78
- JNR1010v2 before 1.1.0.62
- JR6150 before 1.0.1.24
- JWNR2010v5 before 1.1.0.62
- R6020 before 1.0.0.42
- R6050 before 1.0.1.24
- R6080 before 1.0.0.42
- R6120 before 1.0.0.66
- R6220 before 1.1.0.100
- R6260 before 1.1.0.76
- WNR1000v4 before 1.1.0.62
- WNR2020 before 1.1.0.62
- WNR2050 before 1.1.0.62
Exploitation Mechanism
The vulnerability requires low privileges and user interaction, with an adjacent network attack vector.
Mitigation and Prevention
Immediate Steps to Take
- Update affected devices to the latest firmware versions.
- Monitor network traffic for any suspicious activities.
Long-Term Security Practices
- Regularly update firmware and security patches.
- Implement network segmentation to limit the impact of potential attacks.
- Educate users on safe browsing practices.
Patching and Updates
Apply patches and updates provided by NETGEAR to address the stored XSS vulnerability.