CVE-2020-9419: n/a in n/a
Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the administrative dashboard.
AI Analysis
Technical Summary
CVE-2020-9419 is a medium-severity vulnerability involving multiple stored cross-site scripting (XSS) flaws in Arcadyan WiFi routers, specifically the VRV9506JAC23 model. The vulnerability arises from insufficient input sanitization of the 'hostName' and 'domain_name' parameters within the LAN configuration section of the router's administrative web dashboard. Exploitation requires at least limited privileges (PR:L) and user interaction (UI:R): the attacker injects arbitrary HTML or JavaScript, which is stored persistently and executes when an administrator or user accesses the affected configuration page. The underlying weakness is classified as CWE-79, a common web application security flaw allowing script injection.

The vulnerability has a CVSS v3.1 base score of 5.4, reflecting its medium severity. The attack vector is network-based (AV:N), meaning the attacker can exploit it remotely over the network. The scope is changed (S:C), indicating that exploitation can affect resources beyond the initially vulnerable component, potentially impacting the confidentiality and integrity of the router's administrative interface. The vulnerability does not affect availability directly. No public exploits are currently known in the wild, and no patches or vendor advisories are listed, which may indicate limited public awareness or vendor response. Given the nature of the device (a home or small office WiFi router), exploitation could allow attackers to hijack administrative sessions, steal credentials, or manipulate router settings, potentially leading to broader network compromise or persistent access.
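The missing control described above, sketched as an added example (it is not the router's firmware code, which this page does not show): the two LAN fields are validated against RFC 1123 naming rules before storage and HTML-encoded again when rendered. The function names and the sample submissions are assumptions constructed for illustration.

```python
import html
import re

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(value: str) -> bool:
    """A host name is a single RFC 1123 label."""
    return _LABEL.fullmatch(value) is not None


def is_valid_domain(value: str) -> bool:
    """A domain name is dot-separated labels, at most 253 characters in total."""
    if not value or len(value) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in value.split("."))


# Field names as given in the CVE description.
VALIDATORS = {"hostName": is_valid_hostname, "domain_name": is_valid_domain}


def validate_lan_settings(form: dict) -> list:
    """Return the names of fields that must be rejected before anything is stored."""
    return [name for name, check in VALIDATORS.items()
            if not check(form.get(name, ""))]


def render_lan_row(label: str, stored_value: str) -> str:
    """Encode on output as well, so a value stored before validation existed
    (or restored from a config backup) is rendered as text, never as markup."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(label), html.escape(stored_value, quote=True))


# Constructed sample submissions (not captured from a real device).
GOOD = {"hostName": "gateway-01", "domain_name": "lan.example.net"}
BAD = {"hostName": "<b>gw</b>", "domain_name": 'home"><i>x</i>'}

if __name__ == "__main__":
    print(validate_lan_settings(GOOD))   # no rejected fields
    print(validate_lan_settings(BAD))    # both fields rejected
    print(render_lan_row("Host name", BAD["hostName"]))
```

Validation alone does not cover values already sitting in the configuration store, which is why the render path encodes independently of the write path.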
Potential Impact
For European organizations, especially small and medium enterprises (SMEs) and home office users relying on Arcadyan VRV9506JAC23 routers, this vulnerability poses a risk to network security and administrative control. Successful exploitation could lead to unauthorized access to router management interfaces, enabling attackers to alter DNS settings, redirect traffic, or install persistent malware on the network. This could compromise confidentiality by exposing internal network data, integrity by modifying router configurations, and indirectly affect availability through misconfiguration or further attacks. Given the router’s role as a network gateway, exploitation could facilitate lateral movement within organizational networks or enable man-in-the-middle attacks. While the vulnerability requires some level of privilege and user interaction, the remote network attack vector increases the risk surface, especially if default or weak credentials are used. European organizations with limited IT security resources may be particularly vulnerable due to delayed patching or device replacement cycles. The absence of known exploits reduces immediate risk but does not eliminate the threat, as attackers could develop exploits targeting this vulnerability.
Mitigation Recommendations
1. Immediate mitigation should include restricting access to the router’s administrative interface to trusted networks and IP addresses, ideally limiting management to wired connections or VPN access only.
2. Change default or weak administrative credentials to strong, unique passwords to reduce the risk of privilege escalation.
3. Disable remote management features if not required to minimize exposure.
4. Monitor router logs and network traffic for unusual activity indicative of exploitation attempts.
5. If possible, update the router firmware to the latest version, even if no official patch for this vulnerability is available, as vendors may have released security improvements.
6. Consider network segmentation to isolate critical systems from devices with known vulnerabilities.
7. Educate users and administrators about the risks of interacting with suspicious links or inputs in the router’s management interface.
8. For organizations with large deployments, implement automated scanning and vulnerability management to identify affected devices.
9. Engage with the vendor or service provider to request security updates or replacement devices if no patch is forthcoming.
10. As a longer-term measure, evaluate alternative router solutions with stronger security postures and active vendor support.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2020-02-27T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d984ac4522896dcbf7835
Added to database: 5/21/2025, 9:09:30 AM
Last enriched: 6/21/2025, 4:22:59 PM
Last updated: 7/26/2025, 8:47:04 AM