First published: Tue Dec 29 2020(Updated: )
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Jgs516pe Firmware | <2.6.0.48 | |
NETGEAR JGS516PE | ||
Netgear Jgs524e Firmware | <2.6.0.48 | |
Netgear Jgs524e | =v2 | |
Netgear Jgs524pe Firmware | <2.6.0.48 | |
Netgear Jgs524pe | ||
Netgear Gs116e Firmware | <2.6.0.48 | |
Netgear Gs116e | =v2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-35782 is a vulnerability that affects certain NETGEAR devices, specifically JGS516PE, JGS524Ev2, JGS524PE, and GS116Ev2.
CVE-2020-35782 has a severity rating of 8.1, which indicates a high severity.
CVE-2020-35782 affects JGS516PE, JGS524Ev2, JGS524PE, and GS116Ev2 devices.
CVE-2020-35782 allows unauthorized access and improper firmware updates on affected NETGEAR devices.
To mitigate CVE-2020-35782, it is recommended to update the firmware of the affected NETGEAR devices to version 2.6.0.48 or later.