SB2021031108 - Multiple vulnerabilities in NETGEAR JGS516PE and GS116Ev2

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021031108

SB2021031108 - Multiple vulnerabilities in NETGEAR JGS516PE and GS116Ev2

Published: March 11, 2021

Security Bulletin ID SB2021031108
Severity
Medium
Patch available
NO
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 9% Low 91%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Improper Authentication (CVE-ID: CVE-2020-35231)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests in the NSDP protocol implementation. A remote attacker on the local network can bypass authentication process and gain unauthorized access to the application.


2) Cross-site request forgery (CVE-ID: CVE-2020-35223)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in the web administration panel. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.


3) Buffer overflow (CVE-ID: CVE-2020-35225)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the NSDP protocol implementation. A remote administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Integer overflow (CVE-ID: CVE-2020-35230)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in the web administration panel. A remote administrator can pass specially crafted data to the application, trigger integer overflow and cause a denial of sevice condition on the target system.


5) Information disclosure (CVE-ID: CVE-2020-35222)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the NSDP protocol does not require authentication to query for configuration parameters when the protocol is active. A remote attacker on the local network can obtain all the switch configuration parameters by sending the corresponding read requests.


6) Improper access control (CVE-ID: CVE-2020-35226)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the DCHP configuration feature. A remote attacker on the local network can modify the switch DHCP configuration by sending the corresponding write request command.


7) Buffer overflow (CVE-ID: CVE-2020-35227)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in IP Source Params. A remote administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Stored cross-site scripting (CVE-ID: CVE-2020-35228)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the "language" parameter within the administration web panel. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


9) Improper Authentication (CVE-ID: CVE-2020-35229)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the authentication token required to execute NSDP write requests is not properly invalidated and can be reused until a new token is generated. A remote attacker on the local network can gain administrative privileges.


10) Insufficiently protected credentials (CVE-ID: CVE-2020-35221)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the hashing algorithm is insecure. A remote attacker on the local network can generate valid passwords or infer some parts of the original one. 


11) Buffer overflow (CVE-ID: CVE-2020-35224)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the NSDP protocol authentication method. A remote attacker on the local network can trigger memory corruption and cause a denial of service condition on the target system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References