CVE-2020-35801

3 documents3 sources

Severity

7.3HIGH

EPSS

1.7%

top 17.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Gs116e Firmware Netgear Jgs516pe Firmware Netgear Jgs524e Firmware +1 more

Timeline

PublishedDec 30

Latest updateMay 24

Description

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:HExploitability: 2.8 | Impact: 5.5

Affected Packages4 packages

▶NVDnetgear/jgs516pe_firmware< 2.6.0.48

▶NVDnetgear/jgs524pe_firmware< 2.6.0.48

▶NVDnetgear/gs116e_firmware< 2.6.0.48

▶NVDnetgear/jgs524e_firmware< 2.6.0.48

🔴Vulnerability Details

GHSA

GHSA-27g2-h3jp-46x8: Certain NETGEAR devices are affected by incorrect configuration of security settings↗2022-05-24

▶

CVEList

CVE-2020-35801: Certain NETGEAR devices are affected by incorrect configuration of security settings↗2020-12-29

▶