The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.
oryginał ENCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNetgear Gs116e
HWNetgearv2Netgear Gs116e Firmware
OSNetgear2.6.0.43Netgear Jgs516pe
HWNetgearwszystkie wersjeNetgear Jgs516pe Firmware
OSNetgear2.6.0.43
Powiązane podatności
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0....
The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devi...
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuratio...
A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (...