CVE-2020-35841 Explained : Impact and Mitigation
Learn about CVE-2020-35841 affecting NETGEAR devices with stored XSS vulnerability. Find impacted systems, exploitation details, and mitigation steps.
Certain NETGEAR devices are affected by stored XSS vulnerability.
Understanding CVE-2020-35841
What is CVE-2020-35841?
Stored XSS vulnerability impacts various NETGEAR devices, including D6200, D7000, JNR1010v2, and more.
The Impact of CVE-2020-35841
The vulnerability has a CVSS base score of 6.9, with low confidentiality impact and high integrity impact.
Technical Details of CVE-2020-35841
Vulnerability Description
Stored XSS vulnerability affects NETGEAR devices before specific firmware versions.
Affected Systems and Versions
- D6200 before 1.1.00.38
- D7000 before 1.0.1.78
- JNR1010v2 before 1.1.0.62
- JR6150 before 1.0.1.24
- JWNR2010v5 before 1.1.0.62
- R6020 before 1.0.0.42
- R6050 before 1.0.1.24
- R6080 before 1.0.0.42
- R6120 before 1.0.0.66
- R6220 before 1.1.0.100
- R6260 before 1.1.0.76
- R6700v2 before 1.2.0.62
- R6800 before 1.2.0.62
- R6900v2 before 1.2.0.62
- R7450 before 1.2.0.62
- WNR1000v4 before 1.1.0.62
- WNR2020 before 1.1.0.62
- WNR2050 before 1.1.0.62
Exploitation Mechanism
The vulnerability requires low privileges and user interaction, with an adjacent network attack vector.
Mitigation and Prevention
Immediate Steps to Take
- Update affected devices to the latest firmware versions.
- Monitor for any suspicious activities on the network.
Long-Term Security Practices
- Regularly update firmware and security patches.
- Implement network segmentation to limit the impact of potential attacks.
Patching and Updates
Apply patches and updates provided by NETGEAR to address the stored XSS vulnerability.