CVE-2020-35814
Description
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple NETGEAR routers and WiFi systems are affected by a stored XSS vulnerability due to improper sanitization in the firmware before specified versions.
Vulnerability
The vulnerability is a stored cross-site scripting (XSS) flaw present in the web management interfaces of numerous NETGEAR routers and WiFi systems. The affected models and their vulnerable firmware versions are: D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10 [1]. The advisory does not specify the exact input field that fails to sanitize, but any user-controlled data that is stored and later rendered in the web interface could be exploited.
Exploitation
An attacker would need network access to the device's management interface. The attacker must be able to authenticate to the web UI or trick an authenticated administrator into performing actions that inject malicious script. The stored XSS payload would be persisted on the device (e.g., in a configuration field or log entry) and then executed in the browser of any subsequent administrator who views that page. No additional privileges beyond user-level access are required if the injection point allows non-admin inputs.
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript within the context of the affected web interface. This can lead to session hijacking, credential theft, unauthorized administrative actions, or defacement. The impact is limited to the device's management interface and does not extend to connected clients or the internet-facing services unless the attacker leverages further post-exploitation steps.
Mitigation
NETGEAR has released fixed firmware versions for all affected models. Users should upgrade to: D7800 firmware 1.0.1.56 or later, R7800 1.0.2.74, R8900 1.0.4.28, R9000 1.0.4.28, RAX120 1.0.0.78, RBK20/RBR20/RBS20 2.3.5.26, RBK40/RBR40/RBS40/RBK50/RBR50/RBS50 2.3.5.30, XR500 2.3.2.56, and XR700 1.0.1.10 [1]. The firmware is available from the NETGEAR Support website. No workarounds beyond restricting management access are provided. This CVE is not listed in the KEV catalog as of the publication date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- NETGEAR/D7800description
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.