CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35221
https://notcve.org/view.php?id=CVE-2020-35221
The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original. Se encontró que el algoritmo hash implementado para la autenticación de contraseña NSDP en dispositivos NETGEAR JGS516PE/GS116Ev2 versión v2.6.0.43, era no seguro, lo cual permite a atacantes (con acceso a una captura de red) generar rápidamente múltiples colisiones para generar contraseñas válidas o inferir algunas partes del original • https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches • CWE-326: Inadequate Encryption Strength •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 1CVE-2020-35782
https://notcve.org/view.php?id=CVE-2020-35782
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory. Determinados dispositivos NETGEAR están afectados por una falta de control de acceso en el nivel de función. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48, JGS524PE versiones anteriores a 2.6.0.48 y GS116Ev2 versiones anteriores a 2.6.0.48. • https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378 https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-35783
https://notcve.org/view.php?id=CVE-2020-35783
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests. Determinados dispositivos NETGEAR están afectados por una falta de control de acceso en el nivel de función. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, GS116Ev2 versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48 y JGS524PE versiones anteriores a 2.6.0.48. • https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383 https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2020-35784
https://notcve.org/view.php?id=CVE-2020-35784
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48. Determinados dispositivos NETGEAR están afectados por una falta de control de acceso en el nivel de función. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, JGS524PE versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48 y GS116Ev2 versiones anteriores a 2.6.0.48. • https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396 •
CVSS: 8.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-35801
https://notcve.org/view.php?id=CVE-2020-35801
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware. Determinados dispositivos NETGEAR están afectados por una configuración incorrecta de los ajustes de seguridad. • https://kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376 https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches •