Authentication Bypass in NETGEAR Switches
CVE-2017-18862

6.5MEDIUM

Key Information:

Vendor: Netgear
Status: Jgs516pe Firmware
Vendor: CVE Published:; 28 April 2020

Summary

Various NETGEAR ProSAFE Web Managed Switches are susceptible to an authentication bypass issue. This vulnerability allows an unauthorized individual to gain access to the device management interface without proper authentication. It affects multiple switch models, all of which require updates made before May 11, 2017, to mitigate the risk. Users are urged to review their device firmware and implement the recommended security measures outlined in NETGEAR's security advisory.

References

https://kb.netgear.com/000037849/Security-Advisory-for-Au...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 28, 2020
Vulnerability Reserved
Apr 27, 2020