Vulnerability Description
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | D7800 Firmware | < 1.0.1.56 |
| Netgear | D7800 | - |
| Netgear | Rbk50 Firmware | < 2.3.5.30 |
| Netgear | Rbk50 | - |
| Netgear | Rbr50 Firmware | < 2.3.5.30 |
| Netgear | Rbr50 | - |
| Netgear | Rbs50 Firmware | < 2.3.5.30 |
| Netgear | Rbs50 | - |
| Netgear | R7800 Firmware | < 1.0.2.74 |
| Netgear | R7800 | - |
| Netgear | R8900 Firmware | < 1.0.4.28 |
| Netgear | R8900 | - |
| Netgear | R9000 Firmware | < 1.0.4.28 |
| Netgear | R9000 | - |
| Netgear | Xr500 Firmware | < 2.3.2.56 |
| Netgear | Xr500 | - |
| Netgear | Xr700 Firmware | < 1.0.1.10 |
| Netgear | Xr700 | - |
| Netgear | Rax120 Firmware | < 1.0.0.78 |
| Netgear | Rax120 | - |
Related Weaknesses (CWE)
References
- https://kb.netgear.com/000062653/Security-Advisory-for-Stored-Cross-Site-ScriptiVendor Advisory
- https://kb.netgear.com/000062653/Security-Advisory-for-Stored-Cross-Site-ScriptiVendor Advisory
FAQ
What is CVE-2020-35827?
CVE-2020-35827 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R7800 before 1.0.2.74, R8900 before 1.0.4.2...
How severe is CVE-2020-35827?
CVE-2020-35827 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-35827?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear D7800 Firmware, Netgear D7800, Netgear Rbk50 Firmware, Netgear Rbk50, Netgear Rbr50 Firmware.