Authentication Bypass in NETGEAR Smart Managed Plus Switches
CVE-2020-26921

8.3HIGH

Key Information:

Vendor: Netgear
Status: Gs110emx Firmware
Vendor: CVE Published:; 9 October 2020

Summary

Certain NETGEAR Smart Managed Plus Switches are susceptible to an authentication bypass issue. Attackers can exploit this vulnerability to gain unauthorized access to the device settings, potentially compromising network security. This affects specific models, which have not been updated to the latest firmware versions, reinforcing the importance of timely updates and security patches.

References

https://kb.netgear.com/000062332/Security-Advisory-for-Au...

x_refsource_MISC

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 9, 2020
Vulnerability Reserved
Oct 9, 2020