HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2020-35227

CVSS 7.2v3.1pub. 2021-03-10upd. 2024-11-21

A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Netgear Gs116e

    HW
    Netgear
    v2
  • Netgear Gs116e Firmware

    OS
    Netgear
    2.6.0.43
  • Netgear Jgs516pe

    HW
    Netgear
    wszystkie wersje
  • Netgear Jgs516pe Firmware

    OS
    Netgear
    2.6.0.43
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2020-26919CRITICAL9.8⚠ KEVten sam produkt

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.

CVE-2020-35223HIGH8.8ten sam produkt

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0....

CVE-2020-35221HIGH8.8ten sam produkt

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devi...

CVE-2020-35226HIGH7.1ten sam produkt

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuratio...

CVE-2020-35229HIGH8.8ten sam produkt

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 device...