First published: Wed Mar 10 2021(Updated: )
The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Gs116e Firmware | =2.6.0.43 | |
Netgear Gs116e | =v2 | |
Netgear Jgs516pe Firmware | =2.6.0.43 | |
NETGEAR JGS516PE |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-35221 is a vulnerability in the hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices.
CVE-2020-35221 has a severity rating of 8.8 (high).
CVE-2020-35221 affects NETGEAR JGS516PE/GS116Ev2v2.6.0.43 devices by allowing attackers to generate valid passwords or infer parts of the original password.
NETGEAR Gs116e devices with firmware version 2.6.0.43 are vulnerable to CVE-2020-35221.
To fix CVE-2020-35221, it is recommended to update the firmware of affected NETGEAR devices to a secure version.