Unrated severity · NVD Advisory · Published Dec 29, 2020 · Updated Aug 4, 2024

CVE-2020-35838

Description

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple NETGEAR router models are vulnerable to stored cross-site scripting (XSS). Fixed firmware versions are available.

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the web interface of several NETGEAR router models. The flaw allows an authenticated administrator to inject malicious script code that is stored and later executed in the context of other administrators' browsers. Affected devices include D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10 [1].

Exploitation

An attacker with administrative access to the web interface can craft a malicious script and submit it via a vulnerable input field (e.g., a configuration parameter). The script is stored on the device and subsequently served to other administrators, executing in their browsers. No additional user interaction is required beyond viewing the affected page [1].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser session. This could lead to session hijacking, theft of sensitive information, or modification of router settings. The impact is limited to the web interface and does not compromise the underlying operating system [1].

Mitigation

NETGEAR has released firmware updates to fix this vulnerability. Users should upgrade to the following versions or later: D7800 1.0.1.56, R7500v2 1.0.3.46, R7800 1.0.2.74, R8900 1.0.4.28, R9000 1.0.4.28, RAX120 1.0.0.78, XR500 2.3.2.56, and XR700 1.0.1.10. No workarounds are available; applying the firmware update is the only mitigation [1].
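To apply the upgrade guidance across more than one device, the check below compares reported firmware against the fixed versions listed above. It is an added example, not code from NETGEAR or this advisory; the inventory rows are constructed, and the tolerated `V` prefix and trailing suffix on firmware strings are assumptions about how a device reports its version.

```python
import re

# Minimum fixed firmware per model, taken from the advisory text above.
FIXED = {
    "D7800": "1.0.1.56", "R7500V2": "1.0.3.46", "R7800": "1.0.2.74",
    "R8900": "1.0.4.28", "R9000": "1.0.4.28", "RAX120": "1.0.0.78",
    "XR500": "2.3.2.56", "XR700": "1.0.1.10",
}

def parse_version(text):
    """Return the leading dotted version as a tuple of ints, or None."""
    # Assumption: an optional "V" prefix and any trailing suffix are ignored.
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)+)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def assess(model, firmware):
    """Classify one device: 'vulnerable', 'fixed', 'not-listed' or 'unparsed'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"  # model is not named in this advisory
    have = parse_version(firmware)
    if have is None:
        return "unparsed"  # do not guess; flag for a manual check
    # Tuple comparison is numeric per component, so 1.0.2.8 < 1.0.2.74,
    # which a plain string comparison would get wrong.
    return "vulnerable" if have < parse_version(fixed) else "fixed"

# Constructed inventory (hostnames, models and versions are sample data).
INVENTORY = [
    ("gw-lab-1", "R7800", "V1.0.2.8"),
    ("gw-lab-2", "r7500v2", "1.0.3.46"),
    ("gw-lab-3", "XR500", "V2.3.2.40_beta"),
    ("gw-lab-4", "R6400", "V1.0.1.50"),
    ("gw-lab-5", "RAX120", "unknown"),
]

def audit(inventory):
    """Map each host to its status for the models this advisory covers."""
    return {host: assess(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```
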

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9

References

1
