Lucene search

MitreCVE-2020-35801

HistoryDec 30, 2020 - 12:15 a.m.

CVE-2020-35801

2020-12-3000:15:14

mitre

web.nvd.nist.gov

cve-2020-35801

netgear

security settings

jgs516pe

jgs524ev2

jgs524pe

gs116ev2

firmware update

tftp server

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware.

Affected configurations

Nvd

Node

netgearjgs516pe_firmwareRange<2.6.0.48

AND

netgearjgs516peMatch-

Node

netgearjgs524e_firmwareRange<2.6.0.48

AND

netgearjgs524eMatchv2

Node

netgearjgs524pe_firmwareRange<2.6.0.48

AND

netgearjgs524peMatch-

Node

netgeargs116e_firmwareRange<2.6.0.48

AND

netgeargs116eMatchv2

VendorProductVersionCPE
netgearjgs516pe_firmware*cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:*
netgearjgs516pe-cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*
netgearjgs524e_firmware*cpe:2.3:o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:*
netgearjgs524ev2cpe:2.3:h:netgear:jgs524e:v2:*:*:*:*:*:*:*
netgearjgs524pe_firmware*cpe:2.3:o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:*
netgearjgs524pe-cpe:2.3:h:netgear:jgs524pe:-:*:*:*:*:*:*:*
netgeargs116e_firmware*cpe:2.3:o:netgear:gs116e_firmware:*:*:*:*:*:*:*:*
netgeargs116ev2cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	jgs516pe_firmware	*	cpe:2.3:o:netgear:jgs516pe_firmware::::::::
netgear	jgs516pe	-	cpe:2.3:h:netgear:jgs516pe:-:::::::*
netgear	jgs524e_firmware	*	cpe:2.3:o:netgear:jgs524e_firmware::::::::
netgear	jgs524e	v2	cpe:2.3:h:netgear:jgs524e:v2:::::::*
netgear	jgs524pe_firmware	*	cpe:2.3:o:netgear:jgs524pe_firmware::::::::
netgear	jgs524pe	-	cpe:2.3:h:netgear:jgs524pe:-:::::::*
netgear	gs116e_firmware	*	cpe:2.3:o:netgear:gs116e_firmware::::::::
netgear	gs116e	v2	cpe:2.3:h:netgear:gs116e:v2:::::::*

References

kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376

research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/

Social References

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON

Related for CVE-2020-35801