First published: Wed Mar 10 2021(Updated: )
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Gs116e Firmware | =2.6.0.43 | |
Netgear Gs116e | =v2 | |
Netgear Jgs516pe Firmware | =2.6.0.43 | |
NETGEAR JGS516PE |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-35229 is a vulnerability that allows attackers to gain administrative privileges on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices.
CVE-2020-35229 has a severity rating of 8.8 (high).
Attackers can exploit CVE-2020-35229 by reusing the authentication token required for NSDP write requests.
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices are affected by CVE-2020-35229.
No, the NETGEAR GS116E device is not vulnerable to CVE-2020-35229.