CVE-2019-20486
MEDIUMNETGEAR WNR1000V4 1.1.0.54 - Stored Cross-Site Scripting via UI Language Configuration
Title source: llmDescription
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/the-netgear-wnr1000v4-round-2/
Scores
CVSS v3
6.1
EPSS
0.0033
EPSS Percentile
55.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
netgear/wnr1000_firmware
1.1.0.54
Published
Mar 02, 2020
Tracked Since
Feb 18, 2026