A vulnerability was found in Netgear RBR20, RBS20, RBK20, RBR40, RBS40, RBK40, RBR50, RBS50 and RBK50 (Wireless LAN Software) and classified as problematic. This issue affects an unknown code block. The manipulation with an unknown input leads to a cross site scripting vulnerability (Stored). Using CWE to declare the problem leads to CWE-80. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. Impacted is integrity. The summary by CVE is:

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

The weakness was published 04/15/2020 (Website). The advisory is shared at kb.netgear.com. The identification of this vulnerability is CVE-2019-20669 since 04/15/2020. The attack may be initiated remotely. The exploitation requires an enhanced level of successful authentication. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1059.007 for this issue.

Upgrading eliminates this vulnerability.

Similar entries are available at VDB-153729, VDB-153727, VDB-153724 and VDB-153723. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Wireless LAN Software

Vendor

• Netgear

Name

• RBK20
• RBK40
• RBK50
• RBR20
• RBR40
• RBR50
• RBS20
• RBS40
• RBS50

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion