← Back

CVE-2020-35782

nvd nist
Published: Dec 30, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory.

Affected (4)

Netgear
4 products
Jgs516pe Firmware
Jgs524e Firmware
Jgs524pe Firmware
Gs116e Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jgs516pe Firmware
Before 2.6.0.48
Running on/withPlatform Versions
Netgear
Jgs516pe
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jgs524e Firmware
Before 2.6.0.48
Running on/withPlatform Versions
Netgear
Jgs524e
Version v2
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jgs524pe Firmware
Before 2.6.0.48
Running on/withPlatform Versions
Netgear
Jgs524pe
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs116e Firmware
Before 2.6.0.48
Running on/withPlatform Versions
Netgear
Gs116e
Version v2

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.