VYPR
Unrated severity · NVD Advisory · Published Apr 22, 2020 · Updated Aug 5, 2024

CVE-2017-18784

Description

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting (XSS) vulnerability in numerous NETGEAR routers could allow an attacker to execute arbitrary script in the admin interface.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in the web-based management interface of several NETGEAR router models [1]. Affected devices include the D6200 (before 1.1.00.24), D7000 (before 1.0.1.52), JNR1010v2 (before 1.1.0.44), JWNR2010v5 (before 1.1.0.44), PR2000 (before 1.0.0.20), R6020 (before 1.0.0.26), R6050 (before 1.0.1.12), R6080 (before 1.0.0.26), R6120 (before 1.0.0.36), R6220 (before 1.1.0.60), R6700v2 (before 1.2.0.12), R6800 (before 1.2.0.12), R6900v2 (before 1.2.0.12), WNDR3700v5 (before 1.1.0.50), WNR1000v4 (before 1.1.0.44), WNR2020 (before 1.1.0.44), and WNR2050 (before 1.1.0.44) [1]. The vulnerability allows an attacker to inject malicious script into a web page served by the router's management interface [1]. No authentication or special prerequisites beyond network access to the management interface are mentioned in the advisory.

Exploitation

An attacker with network access to the router's web-based management interface could exploit the XSS vulnerability by crafting a malicious link or input that, when processed by the router, injects and executes arbitrary script in the context of the administrator's session [1]. The exact attack vector (e.g., a crafted URL parameter or form field) is not detailed in the advisory, but standard XSS techniques likely apply. The user does not need to be authenticated, but the script executes within the security context of the admin interface once triggered.

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the browser of an administrator accessing the router's management interface [1]. This could lead to session hijacking, defacement, or theft of sensitive configuration information displayed on the page. The impact is limited to the browser session and does not grant direct access to the router's operating system or network traffic.

Mitigation

NETGEAR has released fixed firmware versions for all affected models [1]. Users should upgrade their router firmware to the latest available version as instructed in the security advisory [1]. There are no workarounds disclosed; installing the patched firmware is the only recommended mitigation. The advisory does not list this CVE in the CISA Known Exploited Vulnerabilities (KEV) catalog.
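An inventory check built from the fixed-version list in the description above, added here as an example; it is not tooling from NETGEAR or the advisory. The `host,model,firmware` inventory format, the sample rows, and the tolerated `V` prefix and `_` suffix on firmware strings are assumptions.

```python
import csv, io, re

# First fixed firmware per model, copied from the CVE description on this page.
FIXED = {
    "D6200": "1.1.00.24", "D7000": "1.0.1.52", "JNR1010v2": "1.1.0.44",
    "JWNR2010v5": "1.1.0.44", "PR2000": "1.0.0.20", "R6020": "1.0.0.26",
    "R6050": "1.0.1.12", "R6080": "1.0.0.26", "R6120": "1.0.0.36",
    "R6220": "1.1.0.60", "R6700v2": "1.2.0.12", "R6800": "1.2.0.12",
    "R6900v2": "1.2.0.12", "WNDR3700v5": "1.1.0.50", "WNR1000v4": "1.1.0.44",
    "WNR2020": "1.1.0.44", "WNR2050": "1.1.0.44",
}
# Match case-insensitively but keep the hardware revision: the description
# names R6700v2, so a bare "R6700" must not be treated as the same device.
_CANON = {m.upper(): m for m in FIXED}

def parse_version(text):
    """Leading dotted version as a tuple of ints, so 1.1.00.24 == 1.1.0.24
    and 1.1.0.9 < 1.1.0.44 (a plain string comparison gets both wrong)."""
    m = re.match(r"\s*[vV]?(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def assess(model, firmware):
    canon = _CANON.get(model.strip().upper())
    if canon is None:
        return "not-listed"            # not named in this CVE's description
    try:
        have = parse_version(firmware)
    except ValueError:
        return "unknown-version"       # needs a manual look, not a pass
    need = parse_version(FIXED[canon])
    width = max(len(have), len(need))
    pad = lambda v: v + (0,) * (width - len(v))
    return "vulnerable" if pad(have) < pad(need) else "fixed"

# Constructed inventory rows (host,model,firmware); not real devices.
SAMPLE = """\
gw-branch1,R6220,V1.1.0.9_1.0.1
gw-branch2,r6220,1.1.0.60
gw-lab,D6200,1.1.0.24
gw-home,R6700,1.0.1.48
gw-old,WNR2020,unknown
"""

def audit(text):
    return [(h, assess(m, fw)) for h, m, fw in csv.reader(io.StringIO(text))]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:12} {status}")
```

A `not-listed` result only means the model and hardware revision are absent from this CVE's description, not that the device is free of other issues.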

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

References

1
