Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-35784

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48.

Published

2020-12-30T00:15:13.330

Last Modified

2024-11-21T05:28:05.247

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.2 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	jgs516pe_firmware	< 2.6.0.48	Yes
Hardware	netgear	jgs516pe	-	No
Operating System	netgear	jgs524e_firmware	< 2.6.0.48	Yes
Hardware	netgear	jgs524e	v2	No
Operating System	netgear	jgs524pe_firmware	< 2.6.0.48	Yes
Hardware	netgear	jgs524pe	-	No
Operating System	netgear	gs116e_firmware	< 2.6.0.48	Yes
Hardware	netgear	gs116e	v2	No

References

https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396 Vendor Advisory ([email protected])
https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)