CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-35221

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 3.3

References

https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/

Products affected by CVE-2020-35221

Netgear » Gs116e » Version: v2

cpe:2.3:h:netgear:gs116e:v2
Netgear » Jgs516pe » Version: N/A

cpe:2.3:h:netgear:jgs516pe:-
Netgear » Gs116e Firmware » Version: 2.6.0.43

cpe:2.3:o:netgear:gs116e_firmware:2.6.0.43
Netgear » Jgs516pe Firmware » Version: 2.6.0.43

cpe:2.3:o:netgear:jgs516pe_firmware:2.6.0.43

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-35221

Products

Pricing

Contact Us