NETGEAR.Orbi.GuestPortal.XSS
Description
This indicates an attack attempts to exploit a stored Cross-site Scripting vulnerability in Netgear Routers.
The vulnerability is caused by insufficient sanitizing of user supplied inputs on Guest Portal page. A remote attacker may be able to exploit this to execute arbitrary script code within the context of the application
Affected Products
SRR60, running firmware versions prior to 2.2.1.210
SRS60, running firmware versions prior to 2.2.1.210
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the application
Recommended Actions
Refer to the vendor's advisory for updates:
https://kb.netgear.com/000060458/Security-Advisory-for-Stored-Cross-Site-Scripting-on-SRS60-and-SRR60-PSV-2018-0218
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |