ID

VAR-202012-1136


CVE

CVE-2020-35782


TITLE

Vulnerability in multiple NETGEAR devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-015072

DESCRIPTION

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory. Multiple NETGEAR devices contain an unspecified vulnerability. Information may be tampered with, and the device may be put into a denial of service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2020-35782 // JVNDB: JVNDB-2020-015072

AFFECTED PRODUCTS

vendor: netgear, model: jgs524e, scope: lt, version: 2.6.0.48

Trust: 1.0

vendor: netgear, model: jgs524pe, scope: lt, version: 2.6.0.48

Trust: 1.0

vendor: netgear, model: gs116e, scope: lt, version: 2.6.0.48

Trust: 1.0

vendor: netgear, model: jgs516pe, scope: lt, version: 2.6.0.48

Trust: 1.0

vendor: ネットギア, model: jgs524pe, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: jgs524e, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: jgs516pe, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: gs116e, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-015072 // NVD: CVE-2020-35782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-35782
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2020-35782
value: HIGH

Trust: 1.0

NVD: CVE-2020-35782
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202012-1749
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-35782
severity: HIGH
baseScore: 7.8
vectorString: AV:A/AC:L/AU:N/C:N/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-35782
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-015072
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-015072 // CNNVD: CNNVD-202012-1749 // NVD: CVE-2020-35782 // NVD: CVE-2020-35782

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: Other (CWE-Other) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-015072 // NVD: CVE-2020-35782

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1749

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-1749

PATCH

title: Security Advisory for Missing Function Level Access Control on Some Smart Managed Plus Switches, PSV-2020-0378
url: https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378

Trust: 0.8

title: Certain NETGEAR devices Fixes for access control error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138128

Trust: 0.6

sources: JVNDB: JVNDB-2020-015072 // CNNVD: CNNVD-202012-1749

EXTERNAL IDS

db: NVD, id: CVE-2020-35782

Trust: 2.4

db: JVNDB, id: JVNDB-2020-015072

Trust: 0.8

db: CNNVD, id: CNNVD-202012-1749

Trust: 0.6

sources: JVNDB: JVNDB-2020-015072 // CNNVD: CNNVD-202012-1749 // NVD: CVE-2020-35782

REFERENCES

url: https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/

Trust: 1.6

url: https://kb.netgear.com/000062636/security-advisory-for-missing-function-level-access-control-on-some-smart-managed-plus-switches-psv-2020-0378

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-35782

Trust: 1.4

sources: JVNDB: JVNDB-2020-015072 // CNNVD: CNNVD-202012-1749 // NVD: CVE-2020-35782

SOURCES

db: JVNDB, id: JVNDB-2020-015072
db: CNNVD, id: CNNVD-202012-1749
db: NVD, id: CVE-2020-35782

LAST UPDATE DATE

2024-11-23T22:44:18.943000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-015072, date: 2021-09-09T07:46:00
db: CNNVD, id: CNNVD-202012-1749, date: 2021-03-30T00:00:00
db: NVD, id: CVE-2020-35782, date: 2024-11-21T05:28:04.850

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-015072, date: 2021-09-09T00:00:00
db: CNNVD, id: CNNVD-202012-1749, date: 2020-12-29T00:00:00
db: NVD, id: CVE-2020-35782, date: 2020-12-30T00:15:13.207