CVE-2020-11775
Description
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in multiple NETGEAR devices allows an authenticated attacker to inject arbitrary JavaScript, potentially leading to session hijacking.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the web management interface of multiple NETGEAR devices [1]. The vulnerability affects the following firmware versions: D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10 [1]. The vulnerability occurs in the router's administrative web interface, where user-supplied input is not properly sanitized before being stored and later rendered in the admin panel.
Exploitation
An attacker must be authenticated to the device's web-based administration interface [1]. The attacker can inject malicious JavaScript code into a field that is subsequently displayed to other administrators (e.g., in a settings page or log view). The injected script will be stored on the device and executed in the browsers of other authenticated users who view the affected page [1]. No additional user interaction beyond viewing the page is required for the script to execute.
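The store-then-render pattern described above, as an added example that is not code from the page or from NETGEAR firmware: it assumes a hypothetical "device_name" admin-panel setting and uses an in-memory Map in place of the device's persistent settings store, showing the unencoded render beside an output-encoded one and a check a defender can run over stored values.

```javascript
// Minimal HTML entity encoder for text placed inside an element body.
function encodeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Hypothetical settings store standing in for the router's persistent config:
// whatever an authenticated user saves here is later shown to every admin.
const settings = new Map();
function saveSetting(key, value) { settings.set(key, String(value)); }

// Vulnerable rendering: the stored value is interpolated straight into markup,
// so any tags it contains become part of the admin page's DOM.
function renderDeviceNameUnsafe() {
  return `<td class="device-name">${settings.get("device_name")}</td>`;
}

// Hardened rendering: encode on output so the browser treats the value as text.
function renderDeviceNameSafe() {
  return `<td class="device-name">${encodeHtml(settings.get("device_name"))}</td>`;
}

// Audit check over persisted settings: flag any stored value that contains
// HTML-significant characters or entity references, i.e. is not plain text.
function findMarkupInSettings() {
  const flagged = [];
  for (const [key, value] of settings) {
    if (/[<>"']/.test(value) || /&#?\w+;/.test(value)) flagged.push(key);
  }
  return flagged;
}

// Constructed sample values: one benign setting and one device name that
// carries a script tag, as an admin-side poisoned field would.
saveSetting("timezone", "UTC");
saveSetting("device_name", "<script>alert(1)</script>");
```

Running the block shows that only the encoded render keeps the tag inert, and that the audit check singles out the poisoned key so it can be cleaned before the page is served again.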
Impact
Successful exploitation allows an authenticated attacker to execute arbitrary JavaScript in the context of another administrator's session. This can lead to theft of session cookies, manipulation of the web interface, or other actions that the victim administrator can perform on the router. The impact is limited to the administrative interface and does not directly allow remote code execution or privilege escalation beyond existing administrative access, but it can be used to hijack sessions or perform actions on behalf of other administrators.
Mitigation
NETGEAR has released firmware updates to remediate this vulnerability [1]. Users should update their devices to the fixed versions: D7800 1.0.1.56, R7500v2 1.0.3.46, R7800 1.0.2.68, R8900 1.0.4.28, R9000 1.0.4.28, RAX120 1.0.0.78, RBR20 2.3.5.26, RBS20 2.3.5.26, RBK20 2.3.5.26, RBR40 2.3.5.30, RBS40 2.3.5.30, RBK40 2.3.5.30, RBR50 2.3.5.30, RBS50 2.3.5.30, RBK50 2.3.5.30, XR500 2.3.2.56, and XR700 1.0.1.10. Firmware can be downloaded from the NETGEAR Support website [1]. There is no known workaround; applying the firmware update is the only mitigation.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4: NETGEAR/devices (source: description)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.