9 results (0.004 seconds)

CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 1

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory. Determinados dispositivos NETGEAR están afectados por una falta de control de acceso en el nivel de función. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48, JGS524PE versiones anteriores a 2.6.0.48 y GS116Ev2 versiones anteriores a 2.6.0.48. • https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378 https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests. Determinados dispositivos NETGEAR están afectados por una falta de control de acceso en el nivel de función. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, GS116Ev2 versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48 y JGS524PE versiones anteriores a 2.6.0.48. • https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383 https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches •

CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48. Determinados dispositivos NETGEAR están afectados por una falta de control de acceso en el nivel de función. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, JGS524PE versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48 y GS116Ev2 versiones anteriores a 2.6.0.48. • https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396 •

CVSS: 8.3EPSS: 0%CPEs: 8EXPL: 0

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware. Determinados dispositivos NETGEAR están afectados por una configuración incorrecta de los ajustes de seguridad. • https://kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376 https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches •

CVSS: 9.8EPSS: 97%CPEs: 2EXPL: 0

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. Los dispositivos NETGEAR JGS516PE versiones anteriores a 2.6.0.43, están afectados por una falta de control de acceso en el nivel función Netgear JGS516PE devices contain a missing function level access control vulnerability. • https://kb.netgear.com/000062334/Security-Advisory-for-Missing-Function-Level-Access-Control-on-JGS516PE-PSV-2020-0377 •