Vulnerabilities > Netgear > Gs116E Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-03-10 CVE-2020-35233 Resource Exhaustion vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack.
low complexity
netgear CWE-400
6.5
2021-03-10 CVE-2020-35231 Improper Authentication vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.
low complexity
netgear CWE-287
8.8
2021-03-10 CVE-2020-35230 Integer Overflow or Wraparound vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices.
low complexity
netgear CWE-190
6.8
2021-03-10 CVE-2020-35229 Session Fixation vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.
low complexity
netgear CWE-384
8.8
2021-03-10 CVE-2020-35228 Cross-site Scripting vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter.
network
low complexity
netgear CWE-79
4.8
2021-03-10 CVE-2020-35227 Classic Buffer Overflow vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.
network
low complexity
netgear CWE-120
7.2
2021-03-10 CVE-2020-35226 Missing Authentication for Critical Function vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.
low complexity
netgear CWE-306
7.1
2021-03-10 CVE-2020-35225 Classic Buffer Overflow vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks.
low complexity
netgear CWE-120
6.8
2021-03-10 CVE-2020-35224 Classic Buffer Overflow vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.
low complexity
netgear CWE-120
6.5
2021-03-10 CVE-2020-35223 Cross-Site Request Forgery (CSRF) vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.
network
low complexity
netgear CWE-352
8.8