CVE-2020-35783 — Netgear Gs116e Firmware vulnerability

3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.9%

top 24.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Gs116e Firmware Netgear Jgs516pe Firmware Netgear Jgs524e Firmware +1 more

Timeline

PublishedDec 30

Latest updateMay 24

Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDnetgear/jgs516pe_firmware< 2.6.0.48

▶NVDnetgear/jgs524pe_firmware< 2.6.0.48

▶NVDnetgear/gs116e_firmware< 2.6.0.48

▶NVDnetgear/jgs524e_firmware< 2.6.0.48

🔴Vulnerability Details

GHSA

GHSA-8xph-6v8f-88rf: Certain NETGEAR devices are affected by lack of access control at the function level↗2022-05-24

▶

CVEList

CVE-2020-35783: Certain NETGEAR devices are affected by lack of access control at the function level↗2020-12-29

▶