Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2020-35220, CVE-2020-35232, CVE-2020-35233 |
CWE-ID | CWE-284, CWE-264, CWE-20 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software | JGS516PE (Hardware solutions / Routers & switches, VoIP, GSM, etc), GS116Ev2 (Hardware solutions / Routers & switches, VoIP, GSM, etc) |
Vendor | NETGEAR |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU51393
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-35220
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the TFTP server. A remote attacker on the local network can bypass implemented security restrictions and update the switch firmware.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
JGS516PE: 2.6.0.43
GS116Ev2: 2.6.0.43
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51395
Risk: Medium
CVSSv4.0: 5.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-35232
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists because the firmware update mechanism does not properly implement internal checks such as firmware length or checksum validation. A remote attacker on the local network can use a specially crafted firmware file to overwrite the entire memory with custom code.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
JGS516PE: 2.6.0.43
GS116Ev2: 2.6.0.43
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51405
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-35233
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the switch operating system is not able to manage concurrent processes while performing any action with the TFTP server. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
JGS516PE: 2.6.0.43
GS116Ev2: 2.6.0.43
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.