CVE-2020-35231

CWE-287 — Improper Authentication4 documents4 sources

Severity

8.8HIGH

EPSS

0.1%

top 72.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Gs116e Firmware Netgear Jgs516pe Firmware

Timeline

PublishedMar 10

Latest updateMay 24

Description

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnetgear/jgs516pe_firmware2.6.0.43

▶NVDnetgear/gs116e_firmware2.6.0.43

🔴Vulnerability Details

GHSA

GHSA-682m-w565-78qm: The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2↗2022-05-24

▶

CVEList

CVE-2020-35231: The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2↗2021-03-10

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible NSDP (Netgear) Remote Authentication Bypass with Factory Reset (CVE-2020-35231)↗2021-03-11

▶