CVE-2019-20667
Description
Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS vulnerability in multiple NETGEAR WiFi system models allows attackers to inject malicious script; fixed in firmware updates.
Vulnerability
Stored XSS vulnerability in NETGEAR Orbi and similar WiFi systems. Affects RBR20, RBS20, RBK20 before firmware version 2.3.5.26, and RBR40, RBS40, RBK40, RBR50, RBS50, RBK50 before 2.3.5.30 [1].
Exploitation
An attacker must have network access and be able to inject malicious script into a field that is stored and later served to other users. The advisory does not detail specific steps, but typical stored XSS requires low privileges and user interaction to trigger the script [1].
Impact
Successful exploitation can lead to script execution in the context of the affected device's web interface, potentially allowing theft of session cookies, defacement, or redirection to malicious sites. There is an impact on confidentiality, integrity, and availability [1].
Mitigation
Update firmware to version 2.3.5.26 for RBR20/RBS20/RBK20, and 2.3.5.30 for RBR40/RBS40/RBK40/RBR50/RBS50/RBK50. No workaround provided; NETGEAR recommends immediate update [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
NETGEAR/devices
Patches
No patches discovered yet.
References