First published: Tue Dec 29 2020(Updated: )
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Jgs516pe Firmware | <2.6.0.48 | |
NETGEAR JGS516PE | ||
Netgear Jgs524e Firmware | <2.6.0.48 | |
Netgear Jgs524e | =v2 | |
Netgear Jgs524pe Firmware | <2.6.0.48 | |
Netgear Jgs524pe | ||
Netgear Gs116e Firmware | <2.6.0.48 | |
Netgear Gs116e | =v2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-35783.
This vulnerability affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48.
The severity of CVE-2020-35783 is medium with a CVSS score of 6.5.
This vulnerability allows unauthenticated remote attackers to obtain all the switch configuration settings.
Yes, a firmware update is available to fix this vulnerability. Please refer to the vendor's security advisory for instructions.