CVE-2019-20645
Description
NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR RAX40 routers with firmware before 1.0.3.62 are vulnerable to stored XSS, allowing authenticated high-privilege users to execute scripts.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in NETGEAR RAX40 routers running firmware versions prior to 1.0.3.62 [1]. It allows an authenticated attacker with high privileges to inject malicious scripts that are stored on the device.
Exploitation
An attacker must have authenticated access with high privileges (e.g., administrator) and local access to the device. User interaction is required to trigger the stored script [1].
Impact
Successful exploitation could allow the attacker to execute arbitrary scripts in the context of the affected application, potentially leading to low confidentiality and integrity impacts [1].
Mitigation
NETGEAR has released firmware version 1.0.3.62 to address the vulnerability. Users are strongly recommended to download and install the latest firmware from NETGEAR Support [1]. No workarounds are provided.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- NETGEAR/RAX40
Patches
No patches discovered yet.