SB2021031107 - Multiple vulnerabilities in NETGEAR JGS516PE and GS116Ev2

Security Bulletin ID SB2021031107

Severity

Medium

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2020-35220)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the TFTP server. A remote attacker on the local network can bypass implemented security restrictions and update the switch firmware.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-35232)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the firmware update mechanism does not properly implements internal checks such as firmware length or checksum validations. A remote attacker on the local network can use a specially crafted firmware files and overwrite the entire memory with custom code

3) Input validation error (CVE-ID: CVE-2020-35233)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the switch operating system is not able to manage concurrent processes while performing any action with TFTP server. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/