Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
No history.
Information
Published : 2020-12-30 00:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-35782
Mitre link : CVE-2020-35782
CVE.ORG link : CVE-2020-35782
JSON object : View
Products Affected
netgear
- jgs516pe
- jgs524e_firmware
- jgs524e
- jgs516pe_firmware
- gs116e_firmware
- jgs524pe
- jgs524pe_firmware
- gs116e
CWE