Unauthenticated DHCP Configuration Vulnerability in NETGEAR Switches
CVE-2020-35226

7.1HIGH

Key Information:

Vendor: Netgear
Status: Gs116e Firmware
Vendor: CVE Published:; 10 March 2021

Summary

Certain NETGEAR ProSafe Plus JGS516PE and GS116Ev2 switches expose a significant security issue by permitting unauthenticated users to alter DHCP settings. This weakness allows attackers to send specific write request commands to modify switch configurations, potentially leading to network disruptions or unauthorized access to network resources. Users are advised to secure their network settings and monitor for any suspicious changes.

References

https://research.nccgroup.com/2021/03/08/technical-adviso...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2021
Vulnerability Reserved
Dec 13, 2020