First published: Wed Mar 10 2021(Updated: )
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Gs116e Firmware | =2.6.0.43 | |
Netgear Gs116e | =v2 | |
Netgear Jgs516pe Firmware | =2.6.0.43 | |
NETGEAR JGS516PE |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2020-35223.
The severity of CVE-2020-35223 is high with a CVSS score of 8.8.
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices are affected by CVE-2020-35223.
The CSRF protection mechanism can be bypassed by omitting the CSRF token parameter in HTTP requests.
More information about CVE-2020-35223 can be found at the following reference link: [https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/](https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/)