CVE-2020-35782
https://notcve.org/view.php?id=CVE-2020-35782
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory. Determinados dispositivos NETGEAR están afectados por una falta de control de acceso en el nivel de función. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48, JGS524PE versiones anteriores a 2.6.0.48 y GS116Ev2 versiones anteriores a 2.6.0.48. • https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378 https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches •
CVE-2020-35783
https://notcve.org/view.php?id=CVE-2020-35783
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests. Determinados dispositivos NETGEAR están afectados por una falta de control de acceso en el nivel de función. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, GS116Ev2 versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48 y JGS524PE versiones anteriores a 2.6.0.48. • https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383 https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches •
CVE-2020-35784
https://notcve.org/view.php?id=CVE-2020-35784
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48. Determinados dispositivos NETGEAR están afectados por una falta de control de acceso en el nivel de función. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, JGS524PE versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48 y GS116Ev2 versiones anteriores a 2.6.0.48. • https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396 •
CVE-2020-35801
https://notcve.org/view.php?id=CVE-2020-35801
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware. Determinados dispositivos NETGEAR están afectados por una configuración incorrecta de los ajustes de seguridad. • https://kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376 https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches •
CVE-2020-26919 – Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2020-26919
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. Los dispositivos NETGEAR JGS516PE versiones anteriores a 2.6.0.43, están afectados por una falta de control de acceso en el nivel función Netgear JGS516PE devices contain a missing function level access control vulnerability. • https://kb.netgear.com/000062334/Security-Advisory-for-Missing-Function-Level-Access-Control-on-JGS516PE-PSV-2020-0377 •