CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-35229

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 5.8

References

https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/

Products affected by CVE-2020-35229

Netgear » Gs116e » Version: v2

cpe:2.3:h:netgear:gs116e:v2
Netgear » Jgs516pe » Version: N/A

cpe:2.3:h:netgear:jgs516pe:-
Netgear » Gs116e Firmware » Version: 2.6.0.43

cpe:2.3:o:netgear:gs116e_firmware:2.6.0.43
Netgear » Jgs516pe Firmware » Version: 2.6.0.43

cpe:2.3:o:netgear:jgs516pe_firmware:2.6.0.43

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-35229

Products

Pricing

Contact Us