Vulnerabilities > CVE-2020-35801 - Unspecified vulnerability in Netgear products

CVSS 7.3 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

low complexity

netgear

NVD

Published: 2020-12-30

Updated: 2021-03-23

Summary

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware.

Vulnerable Configurations

Part	Description	Count
OS	Netgear Netgear Jgs516Pe Firmware - Netgear Jgs516Pe Firmware 2.6.0.35 Netgear Jgs516Pe Firmware 2.6.0.43 Netgear Jgs524E Firmware 2.6.0.35 Netgear Jgs524Pe Firmware 2.6.0.35 Netgear Gs116E Firmware 2.6.0.35 Netgear Gs116E Firmware 2.6.0.43	7
Hardware	Netgear Netgear Jgs516Pe - Netgear Jgs524E V2 Netgear Jgs524Pe - Netgear Gs116E V2	4

Summary

Vulnerable Configurations

References