Vulnerabilites related to netgear - jgs524pe
cve-2019-20658
Vulnerability from cvelistv5
Published
2020-04-15 18:47
Modified
2024-08-05 02:46
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:46:10.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000061481/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2018-0612"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T18:47:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000061481/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2018-0612"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000061481/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2018-0612",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000061481/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2018-0612"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20658",
"datePublished": "2020-04-15T18:47:25",
"dateReserved": "2020-04-15T00:00:00",
"dateUpdated": "2024-08-05T02:46:10.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-18862
Vulnerability from cvelistv5
Published
2020-04-28 15:54
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:37:44.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000037849/Security-Advisory-for-Authentication-Bypass-on-ProSAFE-Web-Managed-Switches-PSV-2015-0043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T15:54:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000037849/Security-Advisory-for-Authentication-Bypass-on-ProSAFE-Web-Managed-Switches-PSV-2015-0043"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000037849/Security-Advisory-for-Authentication-Bypass-on-ProSAFE-Web-Managed-Switches-PSV-2015-0043",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000037849/Security-Advisory-for-Authentication-Bypass-on-ProSAFE-Web-Managed-Switches-PSV-2015-0043"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18862",
"datePublished": "2020-04-28T15:54:25",
"dateReserved": "2020-04-27T00:00:00",
"dateUpdated": "2024-08-05T21:37:44.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35782
Vulnerability from cvelistv5
Published
2020-12-29 23:41
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:N/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-16T19:22:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:N/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378"
},
{
"name": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/",
"refsource": "MISC",
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35782",
"datePublished": "2020-12-29T23:41:12",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-08-04T17:09:15.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35784
Vulnerability from cvelistv5
Published
2020-12-29 23:40
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:L/C:H/I:H/PR:H/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-29T23:40:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:L/C:H/I:H/PR:H/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35784",
"datePublished": "2020-12-29T23:40:55",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-08-04T17:09:15.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35801
Vulnerability from cvelistv5
Published
2020-12-29 23:38
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:L/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-16T19:20:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:L/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376"
},
{
"name": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/",
"refsource": "MISC",
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35801",
"datePublished": "2020-12-29T23:38:16",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-08-04T17:09:15.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-20676
Vulnerability from cvelistv5
Published
2020-04-15 19:14
Modified
2024-08-05 02:46
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:46:10.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:H/I:H/PR:H/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T19:14:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:H/I:H/PR:H/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20676",
"datePublished": "2020-04-15T19:14:05",
"dateReserved": "2020-04-15T00:00:00",
"dateUpdated": "2024-08-05T02:46:10.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35783
Vulnerability from cvelistv5
Published
2020-12-29 23:41
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:H/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-16T19:24:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:N/C:H/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383",
"refsource": "MISC",
"url": "https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383"
},
{
"name": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/",
"refsource": "MISC",
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35783",
"datePublished": "2020-12-29T23:41:04",
"dateReserved": "2020-12-29T00:00:00",
"dateUpdated": "2024-08-04T17:09:15.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-04-15 20:15
Modified
2024-11-21 04:39
Severity ?
Summary
Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:fs728tlp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A5F92D9-065E-40AA-BDBA-73E2671C961A",
"versionEndExcluding": "1.0.1.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:fs728tlp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4EEBDAE-AE10-43F2-BB8A-73CE293848D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs105e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF196D1-A0B3-443D-88A0-AA2E096C57F6",
"versionEndExcluding": "1.6.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs105e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD993BAB-DF89-41AB-936B-9C6F280BAE1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs105pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E0CE18-6EA8-41F5-8984-1FEB91561127",
"versionEndExcluding": "1.6.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs105pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "211D1DBE-5D7A-4309-A125-126AF2A16647",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs108e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE4B26A-8305-40B9-8A70-59626881EEEA",
"versionEndExcluding": "2.06.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs108e:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "5579C6E3-866F-4E6A-BD4C-0A1239DE5699",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs108pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "114E9F01-DD89-488E-9D95-33C420AEC7CD",
"versionEndExcluding": "2.06.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs108pe:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA97C4B-C592-4418-8F3B-24C891D3C830",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs110emx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D83E3054-7E97-49C1-B694-B0118200ACEC",
"versionEndExcluding": "1.0.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs110emx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EEC50-F8C6-4B34-AB0A-EC5466FF7A74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs116e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8377DD76-5028-4BB1-B670-453ECCB9BE2E",
"versionEndExcluding": "2.6.0.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5EF92-9B28-4C81-8A95-C5BCEC19591A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs408epp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A902F828-C55A-45B9-81D5-641FFE0ACD2D",
"versionEndExcluding": "1.0.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs408epp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86E8C803-F6E4-4CFD-B9BA-D83A7C5269E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs724tp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0515B176-5785-4ABB-BE14-7E2B1766325A",
"versionEndExcluding": "1.1.1.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs724tp:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "E871CCB4-8093-44AE-B289-CF81F82A9DB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs808e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DC63B1-22DB-4509-A468-9D1B63C997E7",
"versionEndExcluding": "1.7.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs808e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FBE41AE-2001-4539-9F63-710EDEE42629",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs810emx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E8C971-788E-4D6D-B8BB-B65B2813EE5C",
"versionEndExcluding": "1.7.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs810emx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91F71973-C209-4401-B887-9399F9552D7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs908e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4E120D-3609-40F0-86B3-E7A2BC774D40",
"versionEndExcluding": "1.7.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs908e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6CA61D2-1B85-4C5F-86CA-AB1F877243FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gss108e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3350D6E6-522C-4D9F-9D74-EE3A2FB9177E",
"versionEndExcluding": "1.6.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gss108e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8244C4BA-F166-4C32-BF43-0964CD99921B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gss108epp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2106BBF-F216-4CBE-915C-B9680BB8B4EC",
"versionEndExcluding": "1.0.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gss108epp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF32417-92E9-4D8B-913A-539A473A2673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gss116e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5987DE76-B142-43AD-A06A-EED97FBEDC25",
"versionEndExcluding": "1.6.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gss116e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E2A39-F250-49EB-AE39-A1745B8F1569",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C97166D-7ED9-477D-A246-113BAFFED0C5",
"versionEndExcluding": "2.6.0.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBC0DAB-226E-4C95-9818-7758D37EFD10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "573A1DF4-2441-4B8C-9A01-6CC6BAF2B48E",
"versionEndExcluding": "2.6.0.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF899BD-AA1E-4C47-BCFD-5E32F75F538A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32DC5F31-3757-4739-8A10-F44DA2637080",
"versionEndExcluding": "2.6.0.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A32288-19B5-4A8F-B883-FCC326B7032D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs512em_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A39A00BE-2EAA-4893-AE8C-EB5B15C1E8DC",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs512em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48FCC8F7-1043-4069-924D-0124FE5D10B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs708e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43A13AEB-F9FC-4F7D-812E-F28CE368F9E8",
"versionEndExcluding": "1.6.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs708e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD93BF51-A52C-422F-BB05-63CF9E97D3B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs716e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F96E693-D402-4ECB-B2E1-28A06810B9F4",
"versionEndExcluding": "1.6.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs716e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6BBBDF-8E4C-42B3-9B23-C0970F5C4B7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs724em_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C642EB2-F5F9-43B9-8F14-EF70F2429A46",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs724em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30918F59-D8C5-4A49-A10D-A5703261CCE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una falta de control de acceso en el nivel de funci\u00f3n. Esto afecta a FS728TLP versiones anteriores a 1.0.1.26, GS105Ev2 versiones anteriores a 1.6.0.4, GS105PE versiones anteriores a 1.6.0.4, GS108Ev3 versiones anteriores a 2.06.08, GS108PEv3 versiones anteriores a 2.06.08, GS110EMX versiones anteriores a 1.0.1.4, GS116Ev2 versiones anteriores a 2.6.0.35, GS408EPP versiones anteriores a 1.0.0.15, GS724TPv2 versiones anteriores a 1.1.1.29, GS808E versiones anteriores a 1.7.0.7, GS810EMX versiones anteriores a 1.7.1.1, GS908E versiones anteriores a 1.7.0.3, GSS108E versiones anteriores a 1.6.0.4, GSS108EPP versiones anteriores a 1.0.0.15, GSS116E versiones anteriores a 1.6.0.9, JGS516PE versiones anteriores a 2.6.0.35, JGS524Ev2 versiones anteriores a 2.6.0.35, JGS524PE versiones anteriores a 2.6.0.35, XS512EM versiones anteriores a 1.0.1.1, XS708Ev2 versiones anteriores a 1.6.0.23, XS716E versiones anteriores a 1.6.0.23 y XS724EM versiones anteriores a 1.0.1.1."
}
],
"id": "CVE-2019-20676",
"lastModified": "2024-11-21T04:39:03.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T20:15:14.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 03:21
Severity ?
Summary
Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | jgs516pe_firmware | * | |
| netgear | jgs516pe | - | |
| netgear | jgs524e_firmware | * | |
| netgear | jgs524e | v2 | |
| netgear | jgs524pe_firmware | * | |
| netgear | jgs524pe | - | |
| netgear | gs105e_firmware | * | |
| netgear | gs105e | v2 | |
| netgear | gs105pe_firmware | * | |
| netgear | gs105pe | - | |
| netgear | gs108e_firmware | * | |
| netgear | gs108e | v3 | |
| netgear | gs108pe_firmware | * | |
| netgear | gs108pe | v3 | |
| netgear | gs116e_firmware | * | |
| netgear | gs116e | v2 | |
| netgear | gss108e_firmware | * | |
| netgear | gss108e | - | |
| netgear | gss116e_firmware | * | |
| netgear | gss116e | - | |
| netgear | xs708e_firmware | * | |
| netgear | xs708e | v2 | |
| netgear | xs716e_firmware | * | |
| netgear | xs716e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49892DB9-4B99-46FC-A353-C5AEAF93918F",
"versionEndExcluding": "2017-05-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBC0DAB-226E-4C95-9818-7758D37EFD10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F28D3423-ABA9-47A4-AE74-75019D649BA8",
"versionEndExcluding": "2017-05-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF899BD-AA1E-4C47-BCFD-5E32F75F538A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0774BAE9-FF47-4785-9AA0-86A594335FBA",
"versionEndExcluding": "2017-05-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A32288-19B5-4A8F-B883-FCC326B7032D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs105e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "187CA489-3136-4889-AB0F-3ADA5C7D9C89",
"versionEndExcluding": "2017-05-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs105e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD993BAB-DF89-41AB-936B-9C6F280BAE1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs105pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "288AED3B-8007-4650-9CB2-3342A345533C",
"versionEndExcluding": "2017-05-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs105pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "211D1DBE-5D7A-4309-A125-126AF2A16647",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs108e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A85C689-1FBB-4799-9C27-34C7F6D0CA0A",
"versionEndExcluding": "2017-05-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs108e:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "5579C6E3-866F-4E6A-BD4C-0A1239DE5699",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs108pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6812FA4-1665-4CB5-9C89-DBC58557A742",
"versionEndExcluding": "2017-05-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs108pe:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA97C4B-C592-4418-8F3B-24C891D3C830",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs116e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE2876A-58F5-4892-89DD-E674A3DE96F1",
"versionEndExcluding": "2017-05-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5EF92-9B28-4C81-8A95-C5BCEC19591A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gss108e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48100EBE-BBE1-4278-8F71-A4A6F758B96A",
"versionEndExcluding": "2017-05-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gss108e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8244C4BA-F166-4C32-BF43-0964CD99921B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gss116e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69553993-8804-48F4-B408-DDA852B048C8",
"versionEndExcluding": "2017-05-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gss116e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E2A39-F250-49EB-AE39-A1745B8F1569",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs708e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB82FC08-625B-496D-93EB-2673E0147832",
"versionEndExcluding": "2017-05-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs708e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD93BF51-A52C-422F-BB05-63CF9E97D3B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs716e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB20EA0-D4CF-47D7-8152-45CD65B3FC65",
"versionEndExcluding": "2017-05-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs716e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6BBBDF-8E4C-42B3-9B23-C0970F5C4B7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11."
},
{
"lang": "es",
"value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por una omisi\u00f3n de autenticaci\u00f3n. Esto afecta a JGS516PE antes del 11-05-2017, JGS524Ev2 antes del 11-05-2017, JGS524PE antes del 11-05-2017, GS105Ev2 antes del 11-05-2017, GS105PE antes del 11-05-2017, GS108Ev3 antes del 11-05-2017, GS108PEv3 antes del 11-05-2017, GS116Ev2 antes del 11-05-2017, GSS108E antes del 11-05-2017, GSS116E antes del 11-05-2017, XS708Ev2 antes del 11-05-2017, y XS716E antes del 11-05-2017."
}
],
"id": "CVE-2017-18862",
"lastModified": "2024-11-21T03:21:07.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T16:15:12.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000037849/Security-Advisory-for-Authentication-Bypass-on-ProSAFE-Web-Managed-Switches-PSV-2015-0043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000037849/Security-Advisory-for-Authentication-Bypass-on-ProSAFE-Web-Managed-Switches-PSV-2015-0043"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-30 00:15
Modified
2024-11-21 05:28
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | jgs516pe_firmware | * | |
| netgear | jgs516pe | - | |
| netgear | jgs524e_firmware | * | |
| netgear | jgs524e | v2 | |
| netgear | jgs524pe_firmware | * | |
| netgear | jgs524pe | - | |
| netgear | gs116e_firmware | * | |
| netgear | gs116e | v2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83FA56EB-35CD-4A58-8019-C4597AAC0104",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBC0DAB-226E-4C95-9818-7758D37EFD10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D0AC3E-87B5-435A-B203-E9759A4A5396",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF899BD-AA1E-4C47-BCFD-5E32F75F538A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62D7F6C3-8104-4C7D-AE9D-8C96D40221A3",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A32288-19B5-4A8F-B883-FCC326B7032D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs116e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCEFE31-BAA8-4791-BB66-27D341EAE6C7",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5EF92-9B28-4C81-8A95-C5BCEC19591A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una falta de control de acceso en el nivel de funci\u00f3n. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, GS116Ev2 versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48 y JGS524PE versiones anteriores a 2.6.0.48. La versi\u00f3n del protocolo NSDP permite a los atacantes remotos no autentificados obtener todos los par\u00e1metros de configuraci\u00f3n del switch enviando las correspondientes peticiones de lectura."
}
],
"id": "CVE-2020-35783",
"lastModified": "2024-11-21T05:28:05.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-30T00:15:13.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-30 00:15
Modified
2024-11-21 05:28
Severity ?
6.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | jgs516pe_firmware | * | |
| netgear | jgs516pe | - | |
| netgear | jgs524e_firmware | * | |
| netgear | jgs524e | v2 | |
| netgear | jgs524pe_firmware | * | |
| netgear | jgs524pe | - | |
| netgear | gs116e_firmware | * | |
| netgear | gs116e | v2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83FA56EB-35CD-4A58-8019-C4597AAC0104",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBC0DAB-226E-4C95-9818-7758D37EFD10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D0AC3E-87B5-435A-B203-E9759A4A5396",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF899BD-AA1E-4C47-BCFD-5E32F75F538A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62D7F6C3-8104-4C7D-AE9D-8C96D40221A3",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A32288-19B5-4A8F-B883-FCC326B7032D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs116e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCEFE31-BAA8-4791-BB66-27D341EAE6C7",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5EF92-9B28-4C81-8A95-C5BCEC19591A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una falta de control de acceso en el nivel de funci\u00f3n.\u0026#xa0;Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, JGS524PE versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48 y GS116Ev2 versiones anteriores a 2.6.0.48."
}
],
"id": "CVE-2020-35784",
"lastModified": "2024-11-21T05:28:05.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.5,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-30T00:15:13.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-30 00:15
Modified
2024-11-21 05:28
Severity ?
8.3 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
7.3 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.3 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | jgs516pe_firmware | * | |
| netgear | jgs516pe | - | |
| netgear | jgs524e_firmware | * | |
| netgear | jgs524e | v2 | |
| netgear | jgs524pe_firmware | * | |
| netgear | jgs524pe | - | |
| netgear | gs116e_firmware | * | |
| netgear | gs116e | v2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83FA56EB-35CD-4A58-8019-C4597AAC0104",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBC0DAB-226E-4C95-9818-7758D37EFD10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D0AC3E-87B5-435A-B203-E9759A4A5396",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF899BD-AA1E-4C47-BCFD-5E32F75F538A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62D7F6C3-8104-4C7D-AE9D-8C96D40221A3",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A32288-19B5-4A8F-B883-FCC326B7032D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs116e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCEFE31-BAA8-4791-BB66-27D341EAE6C7",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5EF92-9B28-4C81-8A95-C5BCEC19591A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una configuraci\u00f3n incorrecta de los ajustes de seguridad.\u0026#xa0;Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48, JGS524PE versiones anteriores a 2.6.0.48 y GS116Ev2 versiones anteriores a 2.6.0.48. Se encontr\u00f3 un servidor TFTP activo por defecto. Permite a los usuarios remotos autentificados actualizar el firmware del switch"
}
],
"id": "CVE-2020-35801",
"lastModified": "2024-11-21T05:28:08.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-30T00:15:14.457",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 19:15
Modified
2024-11-21 04:38
Severity ?
Summary
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | fs728tlp_firmware | * | |
| netgear | fs728tlp | - | |
| netgear | gs105e_firmware | * | |
| netgear | gs105e | v2 | |
| netgear | gs105pe_firmware | * | |
| netgear | gs105pe | - | |
| netgear | gs108e_firmware | * | |
| netgear | gs108e | v3 | |
| netgear | gs108pe_firmware | * | |
| netgear | gs108pe | v3 | |
| netgear | gs110emx_firmware | * | |
| netgear | gs110emx | - | |
| netgear | gs116e_firmware | * | |
| netgear | gs116e | v2 | |
| netgear | gs408epp_firmware | * | |
| netgear | gs408epp | - | |
| netgear | gs808e_firmware | * | |
| netgear | gs808e | - | |
| netgear | gs810emx_firmware | * | |
| netgear | gs810emx | - | |
| netgear | gs908e_firmware | * | |
| netgear | gs908e | - | |
| netgear | gss108e_firmware | * | |
| netgear | gss108e | - | |
| netgear | gss108epp_firmware | * | |
| netgear | gss108epp | - | |
| netgear | gss116e_firmware | * | |
| netgear | gss116e | - | |
| netgear | jgs516pe_firmware | * | |
| netgear | jgs516pe | - | |
| netgear | jgs524e_firmware | * | |
| netgear | jgs524e | v2 | |
| netgear | jgs524pe_firmware | * | |
| netgear | jgs524pe | - | |
| netgear | xs512em_firmware | * | |
| netgear | xs512em | - | |
| netgear | xs708e_firmware | * | |
| netgear | xs708e | v2 | |
| netgear | xs716e_firmware | * | |
| netgear | xs716e | - | |
| netgear | xs724em_firmware | * | |
| netgear | xs724em | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:fs728tlp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A5F92D9-065E-40AA-BDBA-73E2671C961A",
"versionEndExcluding": "1.0.1.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:fs728tlp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4EEBDAE-AE10-43F2-BB8A-73CE293848D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs105e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF196D1-A0B3-443D-88A0-AA2E096C57F6",
"versionEndExcluding": "1.6.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs105e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD993BAB-DF89-41AB-936B-9C6F280BAE1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs105pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E0CE18-6EA8-41F5-8984-1FEB91561127",
"versionEndExcluding": "1.6.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs105pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "211D1DBE-5D7A-4309-A125-126AF2A16647",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs108e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE4B26A-8305-40B9-8A70-59626881EEEA",
"versionEndExcluding": "2.06.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs108e:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "5579C6E3-866F-4E6A-BD4C-0A1239DE5699",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs108pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "114E9F01-DD89-488E-9D95-33C420AEC7CD",
"versionEndExcluding": "2.06.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs108pe:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA97C4B-C592-4418-8F3B-24C891D3C830",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs110emx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D83E3054-7E97-49C1-B694-B0118200ACEC",
"versionEndExcluding": "1.0.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs110emx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EEC50-F8C6-4B34-AB0A-EC5466FF7A74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs116e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8377DD76-5028-4BB1-B670-453ECCB9BE2E",
"versionEndExcluding": "2.6.0.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5EF92-9B28-4C81-8A95-C5BCEC19591A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs408epp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A902F828-C55A-45B9-81D5-641FFE0ACD2D",
"versionEndExcluding": "1.0.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs408epp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86E8C803-F6E4-4CFD-B9BA-D83A7C5269E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs808e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DC63B1-22DB-4509-A468-9D1B63C997E7",
"versionEndExcluding": "1.7.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs808e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FBE41AE-2001-4539-9F63-710EDEE42629",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs810emx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E8C971-788E-4D6D-B8BB-B65B2813EE5C",
"versionEndExcluding": "1.7.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs810emx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91F71973-C209-4401-B887-9399F9552D7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs908e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4E120D-3609-40F0-86B3-E7A2BC774D40",
"versionEndExcluding": "1.7.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs908e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6CA61D2-1B85-4C5F-86CA-AB1F877243FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gss108e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3350D6E6-522C-4D9F-9D74-EE3A2FB9177E",
"versionEndExcluding": "1.6.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gss108e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8244C4BA-F166-4C32-BF43-0964CD99921B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gss108epp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2106BBF-F216-4CBE-915C-B9680BB8B4EC",
"versionEndExcluding": "1.0.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gss108epp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF32417-92E9-4D8B-913A-539A473A2673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gss116e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5987DE76-B142-43AD-A06A-EED97FBEDC25",
"versionEndExcluding": "1.6.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gss116e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E2A39-F250-49EB-AE39-A1745B8F1569",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C97166D-7ED9-477D-A246-113BAFFED0C5",
"versionEndExcluding": "2.6.0.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBC0DAB-226E-4C95-9818-7758D37EFD10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "573A1DF4-2441-4B8C-9A01-6CC6BAF2B48E",
"versionEndExcluding": "2.6.0.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF899BD-AA1E-4C47-BCFD-5E32F75F538A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32DC5F31-3757-4739-8A10-F44DA2637080",
"versionEndExcluding": "2.6.0.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A32288-19B5-4A8F-B883-FCC326B7032D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs512em_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A39A00BE-2EAA-4893-AE8C-EB5B15C1E8DC",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs512em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48FCC8F7-1043-4069-924D-0124FE5D10B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs708e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43A13AEB-F9FC-4F7D-812E-F28CE368F9E8",
"versionEndExcluding": "1.6.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs708e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD93BF51-A52C-422F-BB05-63CF9E97D3B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs716e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F96E693-D402-4ECB-B2E1-28A06810B9F4",
"versionEndExcluding": "1.6.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs716e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6BBBDF-8E4C-42B3-9B23-C0970F5C4B7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:xs724em_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C642EB2-F5F9-43B9-8F14-EF70F2429A46",
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:xs724em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30918F59-D8C5-4A49-A10D-A5703261CCE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una divulgaci\u00f3n de informaci\u00f3n confidencial. Esto afecta a FS728TLP versiones anteriores a 1.0.1.26, GS105Ev2 versiones anteriores a 1.6.0.4, GS105PE versiones anteriores a 1.6.0.4, GS108Ev3 versiones anteriores a 2.06.08, GS108PEv3 versiones anteriores a 2.06.08, GS110EMX versiones anteriores a 1.0.1.4, GS116Ev2 versiones anteriores a 2.6.0.35, GS408EPP versiones anteriores a 1.0.0.15, GS808E versiones anteriores a 1.7.0.7, GS810EMX versiones anteriores a 1.7.1.1, GS908E versiones anteriores a 1.7.0.3, GSS108E versiones anteriores a 1.6.0.4, GSS108EPP versiones anteriores a 1.0.0.15, GSS116E versiones anteriores a 1.6.0.9, JGS516PE versiones anteriores a 2.6.0.35, JGS524Ev2 antes 2.6.0.35, JGS524PE antes 2.6.0.35, XS512EM versiones anteriores a 1.0.1.1, XS708Ev2 versiones anteriores a 1.6.0.23, XS716E versiones anteriores a 1.6.0.23 y XS724EM versiones anteriores a 1.0.1.1."
}
],
"id": "CVE-2019-20658",
"lastModified": "2024-11-21T04:38:59.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T19:15:13.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000061481/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2018-0612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000061481/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2018-0612"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-30 00:15
Modified
2024-11-21 05:28
Severity ?
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | jgs516pe_firmware | * | |
| netgear | jgs516pe | - | |
| netgear | jgs524e_firmware | * | |
| netgear | jgs524e | v2 | |
| netgear | jgs524pe_firmware | * | |
| netgear | jgs524pe | - | |
| netgear | gs116e_firmware | * | |
| netgear | gs116e | v2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83FA56EB-35CD-4A58-8019-C4597AAC0104",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBC0DAB-226E-4C95-9818-7758D37EFD10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D0AC3E-87B5-435A-B203-E9759A4A5396",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF899BD-AA1E-4C47-BCFD-5E32F75F538A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62D7F6C3-8104-4C7D-AE9D-8C96D40221A3",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:jgs524pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A32288-19B5-4A8F-B883-FCC326B7032D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:gs116e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCEFE31-BAA8-4791-BB66-27D341EAE6C7",
"versionEndExcluding": "2.6.0.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA5EF92-9B28-4C81-8A95-C5BCEC19591A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory."
},
{
"lang": "es",
"value": "Determinados dispositivos NETGEAR est\u00e1n afectados por una falta de control de acceso en el nivel de funci\u00f3n. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48, JGS524PE versiones anteriores a 2.6.0.48 y GS116Ev2 versiones anteriores a 2.6.0.48. El mecanismo de actualizaci\u00f3n del firmware TFTP no implementa correctamente las validaciones del firmware, lo que permite a los atacantes remotos escribir datos arbitrarios en la memoria interna"
}
],
"id": "CVE-2020-35782",
"lastModified": "2024-11-21T05:28:04.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-30T00:15:13.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202012-1183
Vulnerability from variot
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jgs524e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "jgs524pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "gs116e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "jgs516pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "gs116e",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "jgs524pe",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "jgs524e",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "jgs516pe",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014976"
},
{
"db": "NVD",
"id": "CVE-2020-35784"
}
]
},
"cve": "CVE-2020-35784",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2020-35784",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-35784",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.7,
"id": "CVE-2020-35784",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-35784",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35784",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2020-35784",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-35784",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1746",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014976"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1746"
},
{
"db": "NVD",
"id": "CVE-2020-35784"
},
{
"db": "NVD",
"id": "CVE-2020-35784"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35784"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014976"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35784",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014976",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1746",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014976"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1746"
},
{
"db": "NVD",
"id": "CVE-2020-35784"
}
]
},
"id": "VAR-202012-1183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.43738003000000003
},
"last_update_date": "2024-11-23T23:07:45.599000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Missing\u00a0Function\u00a0Level\u00a0Access\u00a0Control\u00a0on\u00a0Some\u00a0Smart\u00a0Managed\u00a0Plus\u00a0Switches,\u00a0PSV-2020-0396",
"trust": 0.8,
"url": "https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396"
},
{
"title": "Certain NETGEAR devices Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138125"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014976"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1746"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Other (CWE-Other) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014976"
},
{
"db": "NVD",
"id": "CVE-2020-35784"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://kb.netgear.com/000062638/security-advisory-for-missing-function-level-access-control-on-some-smart-managed-plus-switches-psv-2020-0396"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35784"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014976"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1746"
},
{
"db": "NVD",
"id": "CVE-2020-35784"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014976"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1746"
},
{
"db": "NVD",
"id": "CVE-2020-35784"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014976"
},
{
"date": "2020-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1746"
},
{
"date": "2020-12-30T00:15:13.330000",
"db": "NVD",
"id": "CVE-2020-35784"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-07T06:17:00",
"db": "JVNDB",
"id": "JVNDB-2020-014976"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1746"
},
{
"date": "2024-11-21T05:28:05.247000",
"db": "NVD",
"id": "CVE-2020-35784"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1746"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014976"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1746"
}
],
"trust": 0.6
}
}
var-202004-1334
Vulnerability from variot
Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11. NETGEAR GS105E, etc. are all switches from NETGEAR.
There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to bypass authentication and gain access to switch configuration files and passwords (same subnet). This affects JGS516PE prior to 2017-05-11, JGS524Ev2 prior to 2017-05-11, JGS524PE prior to 2017-05-11, GS105Ev2 prior to 2017-05-11, GS105PE prior to 2017-05-11, GS108Ev3 prior to 2017-05-11, GS108PEv3 prior to 2017-05-11, GS116Ev2 prior to 2017-05-11, GSS108E prior to 2017-05-11, GSS116E prior to 2017-05-11, XS708Ev2 prior to 2017-05-11, and XS716E prior to 2017-05-11
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gss116e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "jgs524e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gs116e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gs108e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "xs716e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gs105e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "xs708e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "jgs516pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gs108pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gs105pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "jgs524pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gss108e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gs105e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "gs105pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "gs108e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "gs108pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "gs116e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "gss108e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "jgs516pe",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "jgs524e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "jgs524pe",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "jgs516pe",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "jgs524ev2",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "jgs524pe",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gs105ev2",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gs105pe",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gs108ev3",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gs108pev3",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gs116ev2",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gss108e",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gss116e",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "xs708ev2",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "xs716e",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gs105e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs105pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs108pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.2.0.5"
},
{
"model": "gs108pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs116e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "gss108e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gss116e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.6.0.9"
},
{
"model": "jgs516pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
},
{
"model": "jgs516pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "jgs516pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.6.0.43"
},
{
"model": "jgs524e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "jgs524pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "xs708e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.6.0.23"
},
{
"model": "xs716e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.6.0.23"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:gs105e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs105pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs116e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gss108e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:jgs516pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:jgs524e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:jgs524pe_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
}
]
},
"cve": "CVE-2017-18862",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2017-18862",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014994",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-83564",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-18862",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014994",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18862",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2017-014994",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-83564",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2261",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-18862",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
},
{
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11. NETGEAR GS105E, etc. are all switches from NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to bypass authentication and gain access to switch configuration files and passwords (same subnet). This affects JGS516PE prior to 2017-05-11, JGS524Ev2 prior to 2017-05-11, JGS524PE prior to 2017-05-11, GS105Ev2 prior to 2017-05-11, GS105PE prior to 2017-05-11, GS108Ev3 prior to 2017-05-11, GS108PEv3 prior to 2017-05-11, GS116Ev2 prior to 2017-05-11, GSS108E prior to 2017-05-11, GSS116E prior to 2017-05-11, XS708Ev2 prior to 2017-05-11, and XS716E prior to 2017-05-11",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "VULMON",
"id": "CVE-2017-18862"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18862",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-83564",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2261",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-18862",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
},
{
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"id": "VAR-202004-1334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
}
],
"trust": 1.3910071815384613
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
}
]
},
"last_update_date": "2024-11-23T22:11:30.775000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Authentication Bypass on ProSAFE Web Managed Switches, PSV-2015-0043",
"trust": 0.8,
"url": "https://kb.netgear.com/000037849/Security-Advisory-for-Authentication-Bypass-on-ProSAFE-Web-Managed-Switches-PSV-2015-0043"
},
{
"title": "Patch for Multiple NETGEAR product authorization issues and vulnerabilities (CNVD-2021-83564)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/296276"
},
{
"title": "Multiple NETGEAR Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117353"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18862"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000037849/security-advisory-for-authentication-bypass-on-prosafe-web-managed-switches-psv-2015-0043"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18862"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
},
{
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
},
{
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2261"
},
{
"date": "2020-04-28T16:15:12.683000",
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"date": "2020-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2261"
},
{
"date": "2024-11-21T03:21:07.230000",
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Product authentication vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
}
],
"trust": 0.6
}
}
var-202004-0941
Vulnerability from variot
Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. plural NETGEAR The device contains a vulnerability related to lack of authentication.Information may be obtained and tampered with. NETGEAR GS105E, etc. are all a kind of switchboard of NETGEAR. No detailed vulnerability details are currently available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0941",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fs728tlp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.26"
},
{
"model": "gs105pe",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs110emx",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.4"
},
{
"model": "gs408epp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.15"
},
{
"model": "gs808e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.0.7"
},
{
"model": "gs810emx",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.1.1"
},
{
"model": "gs908e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.0.3"
},
{
"model": "gss108e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gss108epp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.15"
},
{
"model": "gss116e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.9"
},
{
"model": "jgs516pe",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "jgs524pe",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "xs512em",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.1"
},
{
"model": "xs716e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.23"
},
{
"model": "xs724em",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.1"
},
{
"model": "gs724tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.1.29"
},
{
"model": "gs116e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "gs108pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "xs708e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.6.0.23"
},
{
"model": "gs105e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "jgs524e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "fs728tlp",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.1.26"
},
{
"model": "gs105e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs105pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs108pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs110emx",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.1.4"
},
{
"model": "gs116e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "gs408epp",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.0.15"
},
{
"model": "gs724tp",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.1.1.29"
},
{
"model": "gs808e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.7.0.7"
},
{
"model": "gs105ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108ev3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs108pev3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs116ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "gs724tpv2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.1.1.29"
},
{
"model": "jgs524ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "xs708ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.6.0.23"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:fs728tlp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs105e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs105pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs110emx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs116e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs408epp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs724tp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs808e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
}
]
},
"cve": "CVE-2019-20676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20676",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015469",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-24418",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2019-20676",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2019-20676",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.0,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20676",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-20676",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015469",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-24418",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1210",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1210"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. plural NETGEAR The device contains a vulnerability related to lack of authentication.Information may be obtained and tampered with. NETGEAR GS105E, etc. are all a kind of switchboard of NETGEAR. No detailed vulnerability details are currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20676"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "CNVD",
"id": "CNVD-2020-24418"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20676",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-24418",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1210",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1210"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"id": "VAR-202004-0941",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
}
],
"trust": 1.3507586008695651
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
}
]
},
"last_update_date": "2024-11-23T23:11:27.368000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Missing Function Level Access Control on Some Switches, PSV-2018-0542",
"trust": 0.8,
"url": "https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542"
},
{
"title": "Patch for Multiple NETGEAR product access control error vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/215173"
},
{
"title": "Multiple NETGEAR Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116089"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1210"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20676"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000061463/security-advisory-for-missing-function-level-access-control-on-some-switches-psv-2018-0542"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20676"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1210"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1210"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"date": "2020-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1210"
},
{
"date": "2020-04-15T20:15:14.333000",
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1210"
},
{
"date": "2024-11-21T04:39:03.200000",
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Vulnerability in lack of authentication on device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1210"
}
],
"trust": 0.6
}
}
var-202012-1137
Vulnerability from variot
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests. plural NETGEAR device Contains an unspecified vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1137",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jgs524e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "jgs524pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "gs116e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "jgs516pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "jgs524pe",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "jgs524e",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "jgs516pe",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs116e",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015073"
},
{
"db": "NVD",
"id": "CVE-2020-35783"
}
]
},
"cve": "CVE-2020-35783",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-35783",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-35783",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-015073",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35783",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2020-35783",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-35783",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1743",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015073"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1743"
},
{
"db": "NVD",
"id": "CVE-2020-35783"
},
{
"db": "NVD",
"id": "CVE-2020-35783"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests. plural NETGEAR device Contains an unspecified vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35783"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015073"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35783",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015073",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1743",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015073"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1743"
},
{
"db": "NVD",
"id": "CVE-2020-35783"
}
]
},
"id": "VAR-202012-1137",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.43738003000000003
},
"last_update_date": "2024-11-23T21:51:07.359000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Missing\u00a0Function\u00a0Level\u00a0Access\u00a0Control\u00a0on\u00a0Some\u00a0Smart\u00a0Managed\u00a0Plus\u00a0Switches,\u00a0PSV-2020-0383",
"trust": 0.8,
"url": "https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383"
},
{
"title": "Multiple Netgear Product access control error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138266"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015073"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1743"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015073"
},
{
"db": "NVD",
"id": "CVE-2020-35783"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000062637/security-advisory-for-missing-function-level-access-control-on-some-smart-managed-plus-switches-psv-2020-0383"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35783"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015073"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1743"
},
{
"db": "NVD",
"id": "CVE-2020-35783"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015073"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1743"
},
{
"db": "NVD",
"id": "CVE-2020-35783"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015073"
},
{
"date": "2020-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1743"
},
{
"date": "2020-12-30T00:15:13.267000",
"db": "NVD",
"id": "CVE-2020-35783"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-09T07:46:00",
"db": "JVNDB",
"id": "JVNDB-2020-015073"
},
{
"date": "2021-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1743"
},
{
"date": "2024-11-21T05:28:05.050000",
"db": "NVD",
"id": "CVE-2020-35783"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1743"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 device \u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015073"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1743"
}
],
"trust": 0.6
}
}
var-202012-1136
Vulnerability from variot
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory. plural NETGEAR device Contains an unspecified vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1136",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jgs524e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "jgs524pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "gs116e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "jgs516pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "jgs524pe",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "jgs524e",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "jgs516pe",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs116e",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015072"
},
{
"db": "NVD",
"id": "CVE-2020-35782"
}
]
},
"cve": "CVE-2020-35782",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-35782",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-35782",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-015072",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35782",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2020-35782",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-35782",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1749",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015072"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1749"
},
{
"db": "NVD",
"id": "CVE-2020-35782"
},
{
"db": "NVD",
"id": "CVE-2020-35782"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory. plural NETGEAR device Contains an unspecified vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35782"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015072"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35782",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015072",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1749",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015072"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1749"
},
{
"db": "NVD",
"id": "CVE-2020-35782"
}
]
},
"id": "VAR-202012-1136",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.43738003000000003
},
"last_update_date": "2024-11-23T22:44:18.943000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Missing\u00a0Function\u00a0Level\u00a0Access\u00a0Control\u00a0on\u00a0Some\u00a0Smart\u00a0Managed\u00a0Plus\u00a0Switches,\u00a0PSV-2020-0378",
"trust": 0.8,
"url": "https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378"
},
{
"title": "Certain NETGEAR devices Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138128"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015072"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1749"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Other (CWE-Other) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015072"
},
{
"db": "NVD",
"id": "CVE-2020-35782"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000062636/security-advisory-for-missing-function-level-access-control-on-some-smart-managed-plus-switches-psv-2020-0378"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35782"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015072"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1749"
},
{
"db": "NVD",
"id": "CVE-2020-35782"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015072"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1749"
},
{
"db": "NVD",
"id": "CVE-2020-35782"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015072"
},
{
"date": "2020-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1749"
},
{
"date": "2020-12-30T00:15:13.207000",
"db": "NVD",
"id": "CVE-2020-35782"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-09T07:46:00",
"db": "JVNDB",
"id": "JVNDB-2020-015072"
},
{
"date": "2021-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1749"
},
{
"date": "2024-11-21T05:28:04.850000",
"db": "NVD",
"id": "CVE-2020-35782"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1749"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 device \u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015072"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1749"
}
],
"trust": 0.6
}
}
var-202012-1176
Vulnerability from variot
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware. plural NETGEAR An unspecified vulnerability exists in the device.Information is tampered with and denial of service (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1176",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jgs524e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "jgs524pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "gs116e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "jgs516pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.48"
},
{
"model": "jgs524pe",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "jgs524e",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "gs116e",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "jgs516pe",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014794"
},
{
"db": "NVD",
"id": "CVE-2020-35801"
}
]
},
"cve": "CVE-2020-35801",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-35801",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.1,
"id": "CVE-2020-35801",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-35801",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-35801",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35801",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2020-35801",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-35801",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1736",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014794"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1736"
},
{
"db": "NVD",
"id": "CVE-2020-35801"
},
{
"db": "NVD",
"id": "CVE-2020-35801"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware. plural NETGEAR An unspecified vulnerability exists in the device.Information is tampered with and denial of service (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014794"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35801",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014794",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1736",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014794"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1736"
},
{
"db": "NVD",
"id": "CVE-2020-35801"
}
]
},
"id": "VAR-202012-1176",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.43738003000000003
},
"last_update_date": "2024-11-23T22:47:44.580000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Advisory\u00a0for\u00a0Security\u00a0Misconfiguration\u00a0on\u00a0Some\u00a0Smart\u00a0Managed\u00a0Plus\u00a0Switches,\u00a0PSV-2020-0376",
"trust": 0.8,
"url": "https://kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014794"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014794"
},
{
"db": "NVD",
"id": "CVE-2020-35801"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000062635/security-advisory-for-security-misconfiguration-on-some-smart-managed-plus-switches-psv-2020-0376"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35801"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014794"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1736"
},
{
"db": "NVD",
"id": "CVE-2020-35801"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014794"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1736"
},
{
"db": "NVD",
"id": "CVE-2020-35801"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014794"
},
{
"date": "2020-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1736"
},
{
"date": "2020-12-30T00:15:14.457000",
"db": "NVD",
"id": "CVE-2020-35801"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-31T05:14:00",
"db": "JVNDB",
"id": "JVNDB-2020-014794"
},
{
"date": "2021-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1736"
},
{
"date": "2024-11-21T05:28:08.977000",
"db": "NVD",
"id": "CVE-2020-35801"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1736"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0NETGEAR\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014794"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1736"
}
],
"trust": 0.6
}
}
var-202004-0923
Vulnerability from variot
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. NETGEAR GS105E, etc. are all a kind of switchboard of NETGEAR
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0923",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fs728tlp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.26"
},
{
"model": "gs105pe",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs110emx",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.4"
},
{
"model": "gs408epp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.15"
},
{
"model": "gs808e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.0.7"
},
{
"model": "gs810emx",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.1.1"
},
{
"model": "gs908e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.0.3"
},
{
"model": "gss108e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gss108epp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.15"
},
{
"model": "gss116e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.9"
},
{
"model": "jgs516pe",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "jgs524pe",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "xs512em",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.1"
},
{
"model": "xs716e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.23"
},
{
"model": "xs724em",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.1"
},
{
"model": "gs116e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "gs108pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "xs708e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.6.0.23"
},
{
"model": "gs105e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "jgs524e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "fs728tlp",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.1.26"
},
{
"model": "gs105e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs105pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs108pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs110emx",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.1.4"
},
{
"model": "gs116e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "gs408epp",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.0.15"
},
{
"model": "gs808e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.7.0.7"
},
{
"model": "gs810emx",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.7.1.1"
},
{
"model": "gs105ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108ev3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs108pev3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs116ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "jgs524ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "xs708ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.6.0.23"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:fs728tlp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs105e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs105pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs110emx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs116e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs408epp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs808e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs810emx_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
}
]
},
"cve": "CVE-2019-20658",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2019-20658",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015468",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2020-27209",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-20658",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-20658",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015468",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20658",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-20658",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015468",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-27209",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1228",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1228"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. NETGEAR GS105E, etc. are all a kind of switchboard of NETGEAR",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20658"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "CNVD",
"id": "CNVD-2020-27209"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20658",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-27209",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1228",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1228"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"id": "VAR-202004-0923",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
}
],
"trust": 1.3394294463636363
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
}
]
},
"last_update_date": "2024-11-23T22:37:25.413000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Sensitive Information Disclosure on Some Switches, PSV-2018-0612",
"trust": 0.8,
"url": "https://kb.netgear.com/000061481/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2018-0612"
},
{
"title": "Patch for Multiple NETGEAR product information disclosure vulnerabilities (CNVD-2020-27209)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/216869"
},
{
"title": "Multiple NETGEAR Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116106"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20658"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000061481/security-advisory-for-sensitive-information-disclosure-on-some-switches-psv-2018-0612"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20658"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1228"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1228"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"date": "2020-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1228"
},
{
"date": "2020-04-15T19:15:13.253000",
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1228"
},
{
"date": "2024-11-21T04:38:59.387000",
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Information leakage vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1228"
}
],
"trust": 0.6
}
}