Vulnerability Description
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Jgs516Pe Firmware | < 2.6.0.48 |
| Netgear | Jgs516Pe | - |
| Netgear | Jgs524E Firmware | < 2.6.0.48 |
| Netgear | Jgs524E | v2 |
| Netgear | Jgs524Pe Firmware | < 2.6.0.48 |
| Netgear | Jgs524Pe | - |
| Netgear | Gs116E Firmware | < 2.6.0.48 |
| Netgear | Gs116E | v2 |
References
- https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-AcVendor Advisory
- https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabiliNot Applicable
- https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-AcVendor Advisory
- https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabiliNot Applicable
FAQ
What is CVE-2020-35783?
CVE-2020-35783 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2....
How severe is CVE-2020-35783?
CVE-2020-35783 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-35783?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Jgs516Pe Firmware, Netgear Jgs516Pe, Netgear Jgs524E Firmware, Netgear Jgs524E, Netgear Jgs524Pe Firmware.