1. Home
  2. CVE Database
  3. CVE-2020-26923
MEDIUM · 4.3

CVE-2020-26923

Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

Vulnerability Description

Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
NetgearWc7500 Firmware< 6.5.5.24
NetgearWc7500-
NetgearWc7600 Firmware< 6.5.5.24
NetgearWc7600-
NetgearWc7600V2 Firmware< 6.5.5.24
NetgearWc7600V2-
NetgearWc9500 Firmware< 6.5.5.24
NetgearWc9500-

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2020-26923?

CVE-2020-26923 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.

How severe is CVE-2020-26923?

CVE-2020-26923 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-26923?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wc7500 Firmware, Netgear Wc7500, Netgear Wc7600 Firmware, Netgear Wc7600, Netgear Wc7600V2 Firmware.