The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HNetgear Gs116e
HWNetgearv2Netgear Gs116e Firmware
OSNetgear2.6.0.43Netgear Jgs516pe
HWNetgearwszystkie wersjeNetgear Jgs516pe Firmware
OSNetgear2.6.0.43
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Powiązane podatności
CVE-2020-26919CRITICAL9.8⚠ KEVten sam produkt
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.
CVE-2020-35227HIGH7.2ten sam produkt
A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (...
CVE-2020-35221HIGH8.8ten sam produkt
The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devi...
CVE-2020-35226HIGH7.1ten sam produkt
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuratio...
CVE-2020-35229HIGH8.8ten sam produkt
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 device...