Details of VAR-202012-1216

ID

VAR-202012-1216

CVE

CVE-2020-35842

TITLE

plural NETGEAR Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-014880

DESCRIPTION

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. plural NETGEAR A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with

Trust: 1.62

sources: NVD: CVE-2020-35842 // JVNDB: JVNDB-2020-014880

AFFECTED PRODUCTS

vendor:	netgear	model:	r6050	scope:	lt	version:	1.0.1.24	Trust: 1.0
vendor:	netgear	model:	r6220	scope:	lt	version:	1.1.0.100	Trust: 1.0
vendor:	netgear	model:	d6200	scope:	lt	version:	1.1.00.38	Trust: 1.0
vendor:	netgear	model:	jnr1010v2	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	jr6150	scope:	lt	version:	1.0.1.24	Trust: 1.0
vendor:	netgear	model:	wnr2050	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	r6120	scope:	lt	version:	1.0.0.66	Trust: 1.0
vendor:	netgear	model:	d7000	scope:	lt	version:	1.0.1.78	Trust: 1.0
vendor:	netgear	model:	r6080	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	netgear	model:	jwnr2010v5	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.76	Trust: 1.0
vendor:	netgear	model:	wnr1000v4	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	wnr2020	scope:	lt	version:	1.1.0.62	Trust: 1.0
vendor:	netgear	model:	r6020	scope:	lt	version:	1.0.0.42	Trust: 1.0
vendor:	ネットギア	model:	r6020	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6120	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jnr1010v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jr6150	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6050	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jwnr2010v5	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6080	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6220	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-014880 // NVD: CVE-2020-35842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35842
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2020-35842
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-35842
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202012-1707
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-35842
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-35842
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-35842
baseSeverity:	MEDIUM
baseScore:	6.9
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	4.7
version:	3.1
Trust: 1.0
NVD:	CVE-2020-35842
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-014880 // CNNVD: CNNVD-202012-1707 // NVD: CVE-2020-35842 // NVD: CVE-2020-35842

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014880 // NVD: CVE-2020-35842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1707

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202012-1707

PATCH

title:	Security Advisory for Stored Cross Site Scripting on Some Routers, PSV-2019-0015	url:	https://kb.netgear.com/000062713/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2019-0015	Trust: 0.8
title:	Multiple Netgear Fixes for product cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138250	Trust: 0.6

sources: JVNDB: JVNDB-2020-014880 // CNNVD: CNNVD-202012-1707

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35842	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-014880	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-1707	Trust: 0.6

sources: JVNDB: JVNDB-2020-014880 // CNNVD: CNNVD-202012-1707 // NVD: CVE-2020-35842

REFERENCES

url:	https://kb.netgear.com/000062713/security-advisory-for-stored-cross-site-scripting-on-some-routers-psv-2019-0015	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35842	Trust: 1.4

sources: JVNDB: JVNDB-2020-014880 // CNNVD: CNNVD-202012-1707 // NVD: CVE-2020-35842

SOURCES

db:	JVNDB	id:	JVNDB-2020-014880
db:	CNNVD	id:	CNNVD-202012-1707
db:	NVD	id:	CVE-2020-35842

LAST UPDATE DATE

2024-11-23T22:16:10.676000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-014880	date:	2021-09-03T05:32:00
db:	CNNVD	id:	CNNVD-202012-1707	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-35842	date:	2024-11-21T05:28:17.137

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-014880	date:	2021-09-03T00:00:00
db:	CNNVD	id:	CNNVD-202012-1707	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-35842	date:	2020-12-30T00:15:16.723