VYPR
Unrated severity · NVD Advisory · Published Dec 29, 2020 · Updated Aug 4, 2024

CVE-2020-35835


Description

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored cross-site scripting vulnerability in multiple NETGEAR routers allows attackers to inject malicious scripts via the web interface.

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the web-based management interface of several NETGEAR router models. Affected versions include D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10 [1]. The vulnerability is triggered when an authenticated user visits a specially crafted URL or page containing the stored payload.

Exploitation

An attacker must first be authenticated to the router's web interface, or convince an authenticated user to interact with a crafted link. The attacker can inject malicious JavaScript or HTML that gets stored on the device (e.g., in configuration fields or logs). When a victim loads the affected admin page, the injected script executes within the context of the router's management session [1].

Impact

Successful exploitation allows the attacker to execute arbitrary client-side scripts in the browser of an authenticated administrator. This can lead to session hijacking, credential theft, or unauthorized configuration changes, compromising the confidentiality and integrity of the router's management interface [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models: D7800 firmware 1.0.1.56, R7500v2 firmware 1.0.3.46, R7800 firmware 1.0.2.74, R8900 firmware 1.0.4.28, R9000 firmware 1.0.4.28, RAX120 firmware 1.0.0.78, XR500 firmware 2.3.2.56, and XR700 firmware 1.0.1.10 [1]. Users are strongly advised to update to the latest firmware as soon as possible [1]. No workarounds are documented.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
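The fixed-version list under Mitigation can be turned into an inventory check. The following is an added example, not code from NETGEAR or from this advisory page; the inventory rows are constructed, and the handling of a leading `V` and a trailing `_suffix` in firmware strings is an assumption about how devices report their version. Versions are compared numerically per component, because a plain string comparison would rank `2.3.2.114` below `2.3.2.56`.

```python
import re

# First fixed firmware version per model, taken from the advisory text above.
FIXED = {
    "D7800": "1.0.1.56",
    "R7500V2": "1.0.3.46",
    "R7800": "1.0.2.74",
    "R8900": "1.0.4.28",
    "R9000": "1.0.4.28",
    "RAX120": "1.0.0.78",
    "XR500": "2.3.2.56",
    "XR700": "1.0.1.10",
}


def parse_version(text):
    """Turn 'V1.0.2.68' or '1.0.4.28_10.1.54' into a tuple of ints, else None."""
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)*)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def assess(model, firmware):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparseable'."""
    fixed = FIXED.get(re.sub(r"[\s_-]", "", model or "").upper())
    if fixed is None:
        return "not-listed"  # model is outside this advisory, not proven safe
    have, need = parse_version(firmware), parse_version(fixed)
    if have is None:
        return "unparseable"  # needs a manual look at the device
    width = max(len(have), len(need))
    pad = lambda v: v + (0,) * (width - len(v))  # '1.0.4' compares as 1.0.4.0
    return "vulnerable" if pad(have) < pad(need) else "fixed"


# Constructed inventory rows: (hostname, model, firmware string as reported).
INVENTORY = [
    ("gw-lab", "R7800", "V1.0.2.68"),
    ("gw-office", "r7500v2", "1.0.3.46"),
    ("gw-home", "XR500", "V2.3.2.114"),
    ("gw-branch", "R7000", "1.0.11.100"),
    ("gw-spare", "RAX120", "unknown"),
]


def audit(rows=INVENTORY):
    return {host: assess(model, fw) for host, model, fw in rows}


if __name__ == "__main__":
    for host, status in audit().items():
        print(f"{host}: {status}")
```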

Affected products

9


References

1
