CVE-2020-35782


Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory.


Published

2020-12-30T00:15:13.207

Last Modified

2024-11-21T05:28:04.850

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:N/I:C/A:C

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

6.5

Impact Score

9.2

Weaknesses

  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | netgear | jgs516pe_firmware | < 2.6.0.48 | Yes |
| Hardware | netgear | jgs516pe | - | No |
| Operating System | netgear | jgs524e_firmware | < 2.6.0.48 | Yes |
| Hardware | netgear | jgs524e | v2 | No |
| Operating System | netgear | jgs524pe_firmware | < 2.6.0.48 | Yes |
| Hardware | netgear | jgs524pe | - | No |
| Operating System | netgear | gs116e_firmware | < 2.6.0.48 | Yes |
| Hardware | netgear | gs116e | v2 | No |
