CVE-2019-20715
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
16/04/2020
Last modified:
20/04/2020
Description
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.63, D7800 before 1.0.1.47, DM200 before 1.0.0.61, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32.
Impact
Base Score 3.x
4.80
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:netgear:d3600_firmware:*:*:*:*:*:*:*:* | 1.0.0.76 (excluding) | |
cpe:2.3:h:netgear:d3600:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:netgear:d6000_firmware:*:*:*:*:*:*:*:* | 1.0.0.76 (excluding) | |
cpe:2.3:h:netgear:d6000:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:* | 1.0.0.63 (excluding) | |
cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:netgear:d7800_firmware:*:*:*:*:*:*:*:* | 1.0.1.47 (excluding) | |
cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:netgear:dm200_firmware:*:*:*:*:*:*:*:* | 1.0.0.61 (excluding) | |
cpe:2.3:h:netgear:dm200:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:netgear:r7500_firmware:*:*:*:*:*:*:*:* | 1.0.3.40 (excluding) | |
cpe:2.3:h:netgear:r7500:v2:*:*:*:*:*:*:* | ||
cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:* | 1.0.2.60 (excluding) | |
cpe:2.3:h:netgear:r7800:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:netgear:rbk50_firmware:*:*:*:*:*:*:*:* | 2.3.0.32 (excluding) |
To consult the complete list of CPE names with products and versions, see this page