Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 05:28
Type | Values Removed | Values Added |
---|---|---|
References | () https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378 - Vendor Advisory | |
References | () https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ - Exploit, Third Party Advisory |
Information
Published : 2020-12-30 00:15
Updated : 2024-11-21 05:28
NVD link : CVE-2020-35782
Mitre link : CVE-2020-35782
CVE.ORG link : CVE-2020-35782
JSON object : View
Products Affected
netgear
- jgs524e
- gs116e_firmware
- jgs524pe
- jgs516pe
- jgs516pe_firmware
- jgs524pe_firmware
- gs116e
- jgs524e_firmware
CWE