CVE-2020-35221

CWE-326 CWE-327 — Broken Cryptographic Algorithm3 documents3 sources

Severity

8.8HIGH

EPSS

0.0%

top 86.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Gs116e Firmware Netgear Jgs516pe Firmware

Timeline

PublishedMar 10

Latest updateMay 24

Description

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnetgear/jgs516pe_firmware2.6.0.43

▶NVDnetgear/gs116e_firmware2.6.0.43

🔴Vulnerability Details

GHSA

GHSA-358m-5hx2-q7v5: The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2↗2022-05-24

▶

CVEList

CVE-2020-35221: The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2↗2021-03-10

▶