CVE-2020-35820 in D7800
Summary
by MITRE • 12/30/2020
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/23/2026
Network security vulnerabilities in consumer and enterprise networking equipment represent critical risks to organizational infrastructure, particularly when they involve cross-site scripting flaws that can persist across multiple device models and firmware versions. The stored cross-site scripting vulnerability identified in various NETGEAR device models demonstrates a fundamental weakness in input validation and output sanitization mechanisms within the affected routers and access points. This vulnerability specifically impacts devices including the D7800, R7500v2, R7800, R8900, R9000, RAX120, RBK50, RBR50, RBS50, XR500, and XR700 models, all of which have been identified with firmware versions prior to their respective security patches. The stored nature of this XSS vulnerability means that malicious input injected into the device configuration or management interfaces persists in the device's memory and can be executed whenever affected pages are loaded by authenticated users, creating a persistent threat vector that extends beyond simple session-based attacks.
The technical implementation flaw stems from inadequate sanitization of user-supplied input within the web-based management interfaces of these networking devices. When administrators or authorized users interact with the device configuration pages, improperly validated parameters can be stored within the device's database or configuration files, allowing malicious scripts to be executed in the context of the victim's browser session. This vulnerability falls under the Common Weakness Enumeration category CWE-79 which specifically addresses cross-site scripting flaws, and aligns with ATT&CK technique T1059.007 for command and scripting interpreter. The persistent nature of the stored payload means that even after the initial injection, the malicious code remains active and can be triggered repeatedly by any user accessing the vulnerable management interface, making it particularly dangerous for network administrators who regularly interact with these devices.
The operational impact of this vulnerability extends beyond simple browser-based attacks to encompass potential compromise of entire network infrastructures. Network administrators who access these vulnerable devices through web interfaces become potential victims of the stored XSS attack, allowing attackers to execute malicious scripts in their browser context with the privileges of the authenticated user. This could enable attackers to steal session cookies, redirect users to malicious sites, modify device configurations, or even escalate privileges within the network management environment. The widespread deployment of affected NETGEAR devices across both residential and enterprise networks creates a substantial attack surface, as these vulnerabilities can be exploited by threat actors without requiring physical access to the devices. The vulnerability affects multiple generations of networking hardware, suggesting that the underlying input validation flaws exist in core components of the device firmware architecture rather than being isolated to specific product lines.
Organizations should immediately implement mitigation strategies including firmware updates to the latest available versions for all affected device models, which typically include proper input sanitization and output encoding mechanisms. Network segmentation and access controls should be enhanced to limit administrative access to these devices, while implementing additional monitoring for suspicious activities within network management interfaces. Security teams should conduct comprehensive inventory audits to identify all affected devices and establish regular firmware update schedules to prevent similar vulnerabilities from persisting. The vulnerability also highlights the importance of secure coding practices in embedded networking equipment, emphasizing the need for robust input validation and output encoding in all web-based management interfaces. Additionally, implementing network-based intrusion detection systems can help identify potential exploitation attempts, while regular security assessments of network infrastructure components can prevent similar vulnerabilities from being introduced in future device deployments.