⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-26919 — Netgear Jgs516pe Firmware vulnerability

9 documents8 sources

Severity

9.8CRITICALNVD

EPSS

93.8%

top 0.14%

CISA KEV

KEV

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Netgear Jgs516pe Firmware

Timeline

PublishedOct 9

KEV addedNov 3

KEV dueMay 3

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDnetgear/jgs516pe_firmware< 2.6.0.43

🔴Vulnerability Details

GHSA

GHSA-cwxx-ph2v-87p8: NETGEAR JGS516PE devices before 2↗2022-05-24

▶

CVEList

CVE-2020-26919: NETGEAR JGS516PE devices before 2↗2020-10-09

▶

VulnCheck

Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability↗2020

▶

💥Exploits & PoCs

Nuclei

NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution

▶

🔍Detection Rules

Suricata

ET EXPLOIT Netgear ProSAFE Plus Unauthenticated RCE Inbound (CVE-2020-26919)↗2021-03-11

▶

📋Vendor Advisories

CISA

Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability↗2021-11-03

▶

🕵️Threat Intelligence

Unit42

New Mirai Variant Targeting Network Security Devices↗2021-03-16

▶

Unit42

New Mirai Variant Targeting Network Security Devices↗2021-03-16

▶