CVE-2020-35782

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory.

CVSS v3 8.1 HIGH
CVSS v2.0 7.8 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:L/Au:N/C:N/I:C/A:C

Exploitability : 6.5 / Impact : 9.2

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378	Vendor Advisory
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jgs524e:v2:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:jgs524pe:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netgear:gs116e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-12-30 00:15

Updated : 2024-02-28 18:08

NVD link : CVE-2020-35782

Mitre link : CVE-2020-35782

CVE.ORG link : CVE-2020-35782

JSON object : View

Products Affected

netgear

jgs516pe
jgs524e_firmware
jgs524e
jgs516pe_firmware
gs116e_firmware
jgs524pe
jgs524pe_firmware
gs116e

CWE

NVD-CWE-Other

{"id": "CVE-2020-35782", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2020-12-30T00:15:13.207", "references": [{"url": "https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory."}, {"lang": "es", "value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una falta de control de acceso en el nivel de funci\u00f3n. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48, JGS524PE versiones anteriores a 2.6.0.48 y GS116Ev2 versiones anteriores a 2.6.0.48. El mecanismo de actualizaci\u00f3n del firmware TFTP no implementa correctamente las validaciones del firmware, lo que permite a los atacantes remotos escribir datos arbitrarios en la memoria interna"}], "lastModified": "2021-03-26T19:56:52.343", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83FA56EB-35CD-4A58-8019-C4597AAC0104", "versionEndExcluding": "2.6.0.48"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DCBC0DAB-226E-4C95-9818-7758D37EFD10"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19D0AC3E-87B5-435A-B203-E9759A4A5396", "versionEndExcluding": "2.6.0.48"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:jgs524e:v2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CFF899BD-AA1E-4C47-BCFD-5E32F75F538A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62D7F6C3-8104-4C7D-AE9D-8C96D40221A3", "versionEndExcluding": "2.6.0.48"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:jgs524pe:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D4A32288-19B5-4A8F-B883-FCC326B7032D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:gs116e_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CCEFE31-BAA8-4791-BB66-27D341EAE6C7", "versionEndExcluding": "2.6.0.48"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DA5EF92-9B28-4C81-8A95-C5BCEC19591A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}