HIGH✓ PATCH🇬🇧 English

CVE-2020-35227

CVSS 7.2v3.1pub. 2021-03-10upd. 2024-11-21

A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Netgear Gs116e

    HW
    Netgear
    v2
  • Netgear Gs116e Firmware

    OS
    Netgear
    2.6.0.43
  • Netgear Jgs516pe

    HW
    Netgear
    wszystkie wersje
  • Netgear Jgs516pe Firmware

    OS
    Netgear
    2.6.0.43
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2020-26919CRITICAL9.8⚠ KEVten sam produkt

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.

CVE-2020-35223HIGH8.8ten sam produkt

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0....

CVE-2020-35221HIGH8.8ten sam produkt

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devi...

CVE-2020-35226HIGH7.1ten sam produkt

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuratio...

CVE-2020-35229HIGH8.8ten sam produkt

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 device...