Details of VAR-202012-1215

ID

VAR-202012-1215

CVE

CVE-2020-35841

TITLE

plural NETGEAR Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-015035

DESCRIPTION

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with

Trust: 1.62

sources: NVD: CVE-2020-35841 // JVNDB: JVNDB-2020-015035

AFFECTED PRODUCTS

vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.24	Trust: 1.0
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.100	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.38	Trust: 1.0
vendor:	netgear	model:	r6700v2	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.24	Trust: 1.0
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.66	Trust: 1.0
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.78	Trust: 1.0
vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	netgear	model:	r7450	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	r6800	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.76	Trust: 1.0
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	netgear	model:	r6900v2	scope:	lt	version:	1.2.0.62	Trust: 1.0
vendor:	ネットギア	model:	jwnr2010v5	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6120	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6020	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6080	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6050	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6220	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jnr1010v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jr6150	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6200	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015035 // NVD: CVE-2020-35841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35841
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2020-35841
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-35841
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202012-1705
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-35841
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-35841
baseSeverity:	HIGH
baseScore:	7.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	4.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-35841
baseSeverity:	MEDIUM
baseScore:	6.9
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	4.7
version:	3.1
Trust: 1.0
NVD:	CVE-2020-35841
baseSeverity:	HIGH
baseScore:	7.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-015035 // CNNVD: CNNVD-202012-1705 // NVD: CVE-2020-35841 // NVD: CVE-2020-35841

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-015035 // NVD: CVE-2020-35841

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1705

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202012-1705

PATCH

title:	Security Advisory for Stored Cross Site Scripting on Some Routers, PSV-2019-0013	url:	https://kb.netgear.com/000062712/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0013	Trust: 0.8
title:	Multiple Netgear Fixes for product cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138093	Trust: 0.6

sources: JVNDB: JVNDB-2020-015035 // CNNVD: CNNVD-202012-1705

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35841	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-015035	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-1705	Trust: 0.6

sources: JVNDB: JVNDB-2020-015035 // CNNVD: CNNVD-202012-1705 // NVD: CVE-2020-35841

REFERENCES

url:	https://kb.netgear.com/000062712/security-advisory-for-stored-cross-site-scripting-on-some-routers-psv-2019-0013	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35841	Trust: 1.4

sources: JVNDB: JVNDB-2020-015035 // CNNVD: CNNVD-202012-1705 // NVD: CVE-2020-35841

SOURCES

db:	JVNDB	id:	JVNDB-2020-015035
db:	CNNVD	id:	CNNVD-202012-1705
db:	NVD	id:	CVE-2020-35841

LAST UPDATE DATE

2024-11-23T23:01:10.827000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-015035	date:	2021-09-08T07:32:00
db:	CNNVD	id:	CNNVD-202012-1705	date:	2021-01-12T00:00:00
db:	NVD	id:	CVE-2020-35841	date:	2024-11-21T05:28:16.943

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-015035	date:	2021-09-08T00:00:00
db:	CNNVD	id:	CNNVD-202012-1705	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-35841	date:	2020-12-30T00:15:16.660