CVE-2020-35784

3 documents3 sources

Severity

7.2HIGH

EPSS

0.3%

top 45.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Gs116e Firmware Netgear Jgs516pe Firmware Netgear Jgs524e Firmware +1 more

Timeline

PublishedDec 30

Latest updateMay 24

Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:LExploitability: 0.7 | Impact: 5.5

Affected Packages4 packages

▶NVDnetgear/jgs516pe_firmware< 2.6.0.48

▶NVDnetgear/jgs524pe_firmware< 2.6.0.48

▶NVDnetgear/gs116e_firmware< 2.6.0.48

▶NVDnetgear/jgs524e_firmware< 2.6.0.48

🔴Vulnerability Details

GHSA

GHSA-pf65-88c2-hrfc: Certain NETGEAR devices are affected by lack of access control at the function level↗2022-05-24

▶

CVEList

CVE-2020-35784: Certain NETGEAR devices are affected by lack of access control at the function level↗2020-12-29

▶