Jgs516pe Firmware

jgs516pe_firmware

Vendor: Netgear • 20 CVEs

CVEs (20)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-35233 1Netgear 2Gs116e Firmware Jgs516pe Firmware Nov 21, 2024 Mar 10, 2021 N/A· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack...Show more The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack.Show less
CVE-2020-35231 1Netgear 2Gs116e Firmware Jgs516pe Firmware Nov 21, 2024 Mar 10, 2021 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.
CVE-2020-35230 1Netgear 2Gs116e Firmware Jgs516pe Firmware Nov 21, 2024 Mar 10, 2021 N/A· v4 6.8 MEDIUM· v3 6.7 MEDIUM· v2 Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial o...Show more Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack.Show less
CVE-2020-35229 1Netgear 2Gs116e Firmware Jgs516pe Firmware Nov 21, 2024 Mar 10, 2021 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with a...Show more The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.Show less
CVE-2020-35228 1Netgear 2Gs116e Firmware Jgs516pe Firmware Nov 21, 2024 Mar 10, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVE-2020-35227 1Netgear 2Gs116e Firmware Jgs516pe Firmware Nov 21, 2024 Mar 10, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedL...Show more A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.Show less
CVE-2020-35226 1Netgear 2Gs116e Firmware Jgs516pe Firmware Nov 21, 2024 Mar 10, 2021 N/A· v4 7.1 HIGH· v3 4.8 MEDIUM· v2 NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.
CVE-2020-35225 1Netgear 2Gs116e Firmware Jgs516pe Firmware Nov 21, 2024 Mar 10, 2021 N/A· v4 6.8 MEDIUM· v3 5.2 MEDIUM· v2 The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks.
CVE-2020-35224 1Netgear 2Gs116e Firmware Jgs516pe Firmware Nov 21, 2024 Mar 10, 2021 N/A· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.
CVE-2020-35223 1Netgear 2Gs116e Firmware Jgs516pe Firmware Nov 21, 2024 Mar 10, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.
CVE-2020-35221 1Netgear 2Gs116e Firmware Jgs516pe Firmware Nov 21, 2024 Mar 10, 2021 N/A· v4 8.8 HIGH· v3 3.3 LOW· v2 The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multip...Show more The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.Show less
CVE-2020-35801 1Netgear 4Gs116e Firmware Jgs516pe FirmwareJgs524e Firmware+1 more Nov 21, 2024 Dec 30, 2020 N/A· v4 7.3 HIGH· v3 5.5 MEDIUM· v2 Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP serve...Show more Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware.Show less
CVE-2020-35784 1Netgear 4Gs116e Firmware Jgs516pe FirmwareJgs524e Firmware+1 more Nov 21, 2024 Dec 30, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48.
CVE-2020-35783 1Netgear 4Gs116e Firmware Jgs516pe FirmwareJgs524e Firmware+1 more Nov 21, 2024 Dec 30, 2020 N/A· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP pro...Show more Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.Show less
CVE-2020-35782 1Netgear 4Gs116e Firmware Jgs516pe FirmwareJgs524e Firmware+1 more Nov 21, 2024 Dec 30, 2020 N/A· v4 8.1 HIGH· v3 7.8 HIGH· v2 Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP fir...Show more Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory.Show less
CVE-2020-26919 1Netgear 1Jgs516pe Firmware Nov 7, 2025 Oct 9, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.
CVE-2017-18862 1Netgear 12Gs105e Firmware Gs105pe FirmwareGs108e Firmware+9 more Nov 21, 2024 Apr 28, 2020 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS10...Show more Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11.Show less
CVE-2019-20676 1Netgear 22Fs728tlp Firmware Gs105e FirmwareGs105pe Firmware+19 more Nov 21, 2024 Apr 15, 2020 N/A· v4 6.0 MEDIUM· v3 3.6 LOW· v2 Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06...Show more Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.Show less
CVE-2019-20658 1Netgear 21Fs728tlp Firmware Gs105e FirmwareGs105pe Firmware+18 more Nov 21, 2024 Apr 15, 2020 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS11...Show more Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.Show less
CVE-2020-11791 1Netgear 1Jgs516pe Firmware Nov 21, 2024 Apr 15, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS.