Lucene search

[email protected]NVD:CVE-2019-20720

HistoryApr 16, 2020 - 7:15 p.m.

CVE-2019-20720

2020-04-1619:15:25

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D7800 before 1.0.1.47, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66.

Affected configurations

Nvd

Node

netgeard3600_firmwareRange<1.0.0.76

AND

netgeard3600Match-

Node

netgeard6000_firmwareRange<1.0.0.76

AND

netgeard6000Match-

Node

netgeard7800_firmwareRange<1.0.1.47

AND

netgeard7800Match-

Node

netgearr7800_firmwareRange<1.0.2.52

AND

netgearr7800Match-

Node

netgearr8900_firmwareRange<1.0.4.12

AND

netgearr8900Match-

Node

netgearr9000_firmwareRange<1.0.4.12

AND

netgearr9000Match-

Node

netgearr7500_firmwareRange<1.0.3.38

AND

netgearr7500Matchv2

Node

netgearwn2000rpt_firmwareRange<1.0.1.32

AND

netgearwn2000rptMatchv3

Node

netgearwn3000rp_firmwareRange<1.0.2.70

AND

netgearwn3000rpMatchv3

Node

netgearwn3100rp_firmwareRange<1.0.0.66

AND

netgearwn3100rpMatchv2

VendorProductVersionCPE
netgeard3600_firmware*cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:*
netgeard3600-cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:*
netgeard6000_firmware*cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:*
netgeard6000-cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:*
netgeard7800_firmware*cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:*
netgeard7800-cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*
netgearr7800_firmware*cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*
netgearr7800-cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:*
netgearr8900_firmware*cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*
netgearr8900-cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	d3600_firmware	*	cpe:2.3:o:netgear:d3600_firmware::::::::
netgear	d3600	-	cpe:2.3:h:netgear:d3600:-:::::::*
netgear	d6000_firmware	*	cpe:2.3:o:netgear:d6000_firmware::::::::
netgear	d6000	-	cpe:2.3:h:netgear:d6000:-:::::::*
netgear	d7800_firmware	*	cpe:2.3:o:netgear:d7800_firmware::::::::
netgear	d7800	-	cpe:2.3:h:netgear:d7800:-:::::::*
netgear	r7800_firmware	*	cpe:2.3:o:netgear:r7800_firmware::::::::
netgear	r7800	-	cpe:2.3:h:netgear:r7800:-:::::::*
netgear	r8900_firmware	*	cpe:2.3:o:netgear:r8900_firmware::::::::
netgear	r8900	-	cpe:2.3:h:netgear:r8900:-:::::::*

Rows per page:

1-10 of 201

References

kb.netgear.com/000061208/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Gateways-PSV-2018-0174

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2019-20720

prion1 cvelist1 cve1