Shodan
Vulnerabilities
Vulnerable Software
Netgear:  Security Vulnerabilities
CVE-2020-35228
A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-03-10
CVE-2020-35229
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-03-10
CVE-2020-35230
Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack.
CVSS Score
6.8
EPSS Score
0.001
Published
2021-03-10
CVE-2020-35231
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-03-10
CVE-2020-35233
The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-03-10
CVE-2020-35223
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-03-10
CVE-2020-35224
A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.
CVSS Score
6.5
EPSS Score
0.007
Published
2021-03-10
CVE-2020-35225
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks.
CVSS Score
6.8
EPSS Score
0.001
Published
2021-03-10
CVE-2020-35221
The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.
CVSS Score
8.8
EPSS Score
0.0
Published
2021-03-10
CVE-2021-27254
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.
CVSS Score
6.3
EPSS Score
0.001
Published
2021-03-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved