Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gs116e_firmware
(Netgear)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-30 | CVE-2020-35782 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory. | Gs116e_firmware, Jgs516pe_firmware, Jgs524e_firmware, Jgs524pe_firmware | 8.1 | ||
| 2020-12-30 | CVE-2020-35783 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests. | Gs116e_firmware, Jgs516pe_firmware, Jgs524e_firmware, Jgs524pe_firmware | 6.5 | ||
| 2020-12-30 | CVE-2020-35784 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48. | Gs116e_firmware, Jgs516pe_firmware, Jgs524e_firmware, Jgs524pe_firmware | 7.2 | ||
| 2020-12-30 | CVE-2020-35801 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware. | Gs116e_firmware, Jgs516pe_firmware, Jgs524e_firmware, Jgs524pe_firmware | 7.3 | ||
| 2021-03-10 | CVE-2020-35221 | The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original. | Gs116e_firmware, Jgs516pe_firmware | 8.8 | ||
| 2021-03-10 | CVE-2020-35223 | The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests. | Gs116e_firmware, Jgs516pe_firmware | 8.8 | ||
| 2021-03-10 | CVE-2020-35224 | A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot. | Gs116e_firmware, Jgs516pe_firmware | 6.5 | ||
| 2021-03-10 | CVE-2020-35225 | The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks. | Gs116e_firmware, Jgs516pe_firmware | 6.8 | ||
| 2021-03-10 | CVE-2020-35226 | NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. | Gs116e_firmware, Jgs516pe_firmware | 7.1 | ||
| 2021-03-10 | CVE-2020-35227 | A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command. | Gs116e_firmware, Jgs516pe_firmware | 7.2 |