Vulnerability Description
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Jgs516Pe Firmware | < 2.6.0.48 |
| Netgear | Jgs516Pe | - |
| Netgear | Jgs524E Firmware | < 2.6.0.48 |
| Netgear | Jgs524E | v2 |
| Netgear | Jgs524Pe Firmware | < 2.6.0.48 |
| Netgear | Jgs524Pe | - |
| Netgear | Gs116E Firmware | < 2.6.0.48 |
| Netgear | Gs116E | v2 |
References
- https://kb.netgear.com/000062635/Security-Advisory-for-Security-MisconfigurationVendor Advisory
- https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabiliNot Applicable
- https://kb.netgear.com/000062635/Security-Advisory-for-Security-MisconfigurationVendor Advisory
- https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabiliNot Applicable
FAQ
What is CVE-2020-35801?
CVE-2020-35801 is a vulnerability with a CVSS score of 8.3 (HIGH). Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2....
How severe is CVE-2020-35801?
CVE-2020-35801 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-35801?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Jgs516Pe Firmware, Netgear Jgs516Pe, Netgear Jgs524E Firmware, Netgear Jgs524E, Netgear Jgs524Pe Firmware.