Main Vulnerability Database Vulnerabilities #VU51403

Improper access control in JGS516PE and GS116Ev2 - CVE-2020-35226

Published: March 11, 2021

Vulnerability identifier: #VU51403

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-35226

CWE-ID: CWE-284

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
JGS516PE
GS116Ev2

Software vendor:
NETGEAR

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the DCHP configuration feature. A remote attacker on the local network can modify the switch DHCP configuration by sending the corresponding write request command.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/

Improper access control in JGS516PE and GS116Ev2 - CVE-2020-35226

Description

Remediation

External links

Please verify you're human