Security Misconfiguration in NETGEAR Smart Managed Plus Switches
CVE-2020-35801
8.3HIGH
What is CVE-2020-35801?
Certain NETGEAR Smart Managed Plus switches suffer from a security misconfiguration due to an active TFTP server by default, allowing remote authenticated users to update the switch firmware. This misconfiguration impacts several models, including JGS516PE, JGS524Ev2, JGS524PE, and GS116Ev2, which are vulnerable if running versions prior to 2.6.0.48. Proper management of device configurations is essential to mitigate these risks and ensure the security of network infrastructure.