Access Control Vulnerability in NETGEAR Smart Managed Plus Switches
CVE-2020-35782

8.1HIGH

Key Information:

Vendor: Netgear
Status: Jgs516pe Firmware
Vendor: CVE Published:; 30 December 2020

Summary

Certain NETGEAR Smart Managed Plus Switches are affected by a lack of access control, specifically at the function level. This vulnerability allows attackers to exploit the firmware update mechanism, failing to implement proper validations. As a result, unauthorized remote attackers can write arbitrary data to the internal memory of affected devices, including models JGS516PE, JGS524Ev2, JGS524PE, and GS116Ev2 prior to version 2.6.0.48.

References

https://kb.netgear.com/000062636/Security-Advisory-for-Mi...

x_refsource_MISC

https://research.nccgroup.com/2021/03/08/technical-adviso...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 30, 2020
Vulnerability Reserved
Dec 29, 2020