Details of VAR-202012-1214

ID

VAR-202012-1214

CVE

CVE-2020-35840

TITLE

plural NETGEAR Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-014881

DESCRIPTION

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with

Trust: 1.62

sources: NVD: CVE-2020-35840 // JVNDB: JVNDB-2020-014881

AFFECTED PRODUCTS

vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.24	Trust: 1.0
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.100	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.38	Trust: 1.0
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.24	Trust: 1.0
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.66	Trust: 1.0
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.78	Trust: 1.0
vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.76	Trust: 1.0
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	ネットギア	model:	r6020	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6120	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jnr1010v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jr6150	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6050	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jwnr2010v5	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6080	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6220	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-014881 // NVD: CVE-2020-35840

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35840
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2020-35840
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-35840
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202012-1708
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-35840
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-35840
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-35840
baseSeverity:	MEDIUM
baseScore:	6.9
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	4.7
version:	3.1
Trust: 1.0
NVD:	CVE-2020-35840
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-014881 // CNNVD: CNNVD-202012-1708 // NVD: CVE-2020-35840 // NVD: CVE-2020-35840

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014881 // NVD: CVE-2020-35840

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1708

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202012-1708

PATCH

title:

Security Advisory for Stored Cross Site Scripting on Some Routers, PSV-2019-0010

url:

https://kb.netgear.com/000062711/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0010

Trust: 0.8

sources: JVNDB: JVNDB-2020-014881

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35840	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-014881	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-1708	Trust: 0.6

sources: JVNDB: JVNDB-2020-014881 // CNNVD: CNNVD-202012-1708 // NVD: CVE-2020-35840

REFERENCES

url:	https://kb.netgear.com/000062711/security-advisory-for-stored-cross-site-scripting-on-some-routers-psv-2019-0010	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35840	Trust: 1.4

sources: JVNDB: JVNDB-2020-014881 // CNNVD: CNNVD-202012-1708 // NVD: CVE-2020-35840

SOURCES

db:	JVNDB	id:	JVNDB-2020-014881
db:	CNNVD	id:	CNNVD-202012-1708
db:	NVD	id:	CVE-2020-35840

LAST UPDATE DATE

2024-11-23T22:33:13.792000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-014881	date:	2021-09-03T05:32:00
db:	CNNVD	id:	CNNVD-202012-1708	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-35840	date:	2024-11-21T05:28:16.760

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-014881	date:	2021-09-03T00:00:00
db:	CNNVD	id:	CNNVD-202012-1708	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-35840	date:	2020-12-30T00:15:16.597