Vulnerabilities > Netgear > Gs116E Firmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-10 | CVE-2020-35231 | Improper Authentication vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device. | 8.8 |
2021-03-10 | CVE-2020-35229 | Session Fixation vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges. | 8.8 |
2021-03-10 | CVE-2020-35227 | Classic Buffer Overflow vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command. | 7.2 |
2021-03-10 | CVE-2020-35226 | Missing Authentication for Critical Function vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. | 7.1 |
2021-03-10 | CVE-2020-35223 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests. | 8.8 |
2021-03-10 | CVE-2020-35221 | Inadequate Encryption Strength vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original. | 8.8 |
2020-12-30 | CVE-2020-35801 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. low complexity netgear | 7.3 |
2020-12-30 | CVE-2020-35784 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by lack of access control at the function level. | 7.2 |
2020-12-30 | CVE-2020-35782 | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by lack of access control at the function level. low complexity netgear | 8.1 |