CVE-2020-35229
published 2021-03-10CVE-2020-35229: The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused…
high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | gs116e_firmware | — | — |
| netgear | jgs516pe_firmware | — | — |