CVE-2020-35782

3 documents3 sources

Severity

8.1HIGH

EPSS

0.5%

top 33.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Gs116e Firmware Netgear Jgs516pe Firmware Netgear Jgs524e Firmware +1 more

Timeline

PublishedDec 30

Latest updateMay 24

Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages4 packages

▶NVDnetgear/jgs516pe_firmware< 2.6.0.48

▶NVDnetgear/jgs524pe_firmware< 2.6.0.48

▶NVDnetgear/gs116e_firmware< 2.6.0.48

▶NVDnetgear/jgs524e_firmware< 2.6.0.48

🔴Vulnerability Details

GHSA

GHSA-j8r6-c45m-jv6q: Certain NETGEAR devices are affected by lack of access control at the function level↗2022-05-24

▶

CVEList

CVE-2020-35782: Certain NETGEAR devices are affected by lack of access control at the function level↗2020-12-29

▶