← Back

CVE-2020-35783

nvd nist
Published: Dec 30, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.

Affected (4)

Netgear
4 products
Jgs516pe Firmware
Jgs524e Firmware
Jgs524pe Firmware
Gs116e Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jgs516pe Firmware
Before 2.6.0.48
Running on/withPlatform Versions
Netgear
Jgs516pe
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jgs524e Firmware
Before 2.6.0.48
Running on/withPlatform Versions
Netgear
Jgs524e
Version v2
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Jgs524pe Firmware
Before 2.6.0.48
Running on/withPlatform Versions
Netgear
Jgs524pe
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gs116e Firmware
Before 2.6.0.48
Running on/withPlatform Versions
Netgear
Gs116e
Version v2

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable

Timeline

No history available yet.