CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2020-26919

CVSS 9.8v3.1pub. 2020-10-09upd. 2025-11-07

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Jgs516pe

    HW
    Netgear
    wszystkie wersje
  • Netgear Jgs516pe Firmware

    OS
    Netgear
    < 2.6.0.43

CISA KEV — detailsi

Vendori
NETGEAR
Producti
JGS516PE Devices
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Netgear JGS516PE devices contain a missing function level access control vulnerability.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 maja 2022
CWE
References

Related vulnerabilities

CVE-2020-35226HIGH7.1ten sam produkt

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuratio...

CVE-2020-35227HIGH7.2ten sam produkt

A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (...

CVE-2020-35223HIGH8.8ten sam produkt

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0....

CVE-2020-35221HIGH8.8ten sam produkt

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devi...

CVE-2020-35229HIGH8.8ten sam produkt

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 device...