Insecure Password Hashing in NETGEAR ProSafe Plus Switches
CVE-2020-35221
8.8 HIGH
Summary
The NETGEAR ProSafe Plus switches, specifically the JGS516PE and GS116Ev2 models, are affected by a weakness in the hashing algorithm used for password authentication. An attacker who can capture network traffic can generate multiple hash collisions, potentially allowing them to deduce valid passwords or infer elements of the original password. Exploitation can lead to unauthorized access and compromise the integrity of network operations.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved