CVE-2020-35801

8.3HIGH

Key Information:

Vendor: Netgear
Status: Jgs516pe Firmware
Vendor: CVE Published:; 30 December 2020

Summary

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware.

References

https://kb.netgear.com/000062635/Security-Advisory-for-Se...

x_refsource_MISC

https://research.nccgroup.com/2021/03/08/technical-adviso...

x_refsource_MISC

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 30, 2020
Vulnerability Reserved
Dec 29, 2020