CVE-2020-35226

CWE-306Missing AuthenticationCWE-747 documents4 sources
Severity
7.1HIGH
EPSS
0.5%
top 34.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Netgear Gs116e FirmwareNetgear Jgs516pe Firmware
Timeline
PublishedMar 10
Latest updateMay 24

Description

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-q4rq-hc56-f8p6: NETGEAR JGS516PE/GS116Ev2 v22022-05-24
CVEList
CVE-2020-35226: NETGEAR JGS516PE/GS116Ev2 v22021-03-10

🔍Detection Rules

4
Suricata
ET EXPLOIT Possible NSDP (Netgear) Unauthenticated Write Access to DHCP Config (CVE-2020-35226)2021-03-11
Suricata
ET EXPLOIT Possible NSDP (Netgear) Write Command Buffer Overflow Attempt - 0x0003 (CVE-2020-35225)2021-03-11
Suricata
ET EXPLOIT Possible NSDP (Netgear) Write Command Buffer Overflow Attempt - 0x0005 (CVE-2020-35225)2021-03-11
Suricata
ET EXPLOIT Possible NSDP (Netgear) Write Command Buffer Overflow Attempt - 0x000a (CVE-2020-35225)2021-03-11
CVE-2020-35226 (HIGH CVSS 7.1) | NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 | cvebase.io