VYPR
Unrated severity · NVD Advisory · Published Mar 10, 2021 · Updated Aug 4, 2024

CVE-2020-35221

Description

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Insecure hashing algorithm in NETGEAR JGS516PE/GS116Ev2 switches allows attackers to generate valid password collisions from captured network traffic.

Vulnerability

The hashing algorithm used for NSDP password authentication in NETGEAR JGS516PE/GS116Ev2 switches (firmware version v2.6.0.43) is insecure. According to reference [1], the algorithm is weak and permits collisions, enabling an attacker to generate valid passwords or infer parts of the original password from captured network traffic.

Exploitation

An attacker must have network access and the ability to capture NSDP authentication traffic (e.g., via passive sniffing on the local network). No authentication is required for this capture. The attacker then uses the captured data to computationally derive collisions or infer password fragments, leveraging the weak hashing scheme [1].

Impact

Successful exploitation allows the attacker to obtain a valid password for the switch's administrative interface. This can lead to unauthorized configuration changes, denial of service, or further network compromise depending on the attacker's objectives and network architecture [1].

Mitigation

As of the publication date (March 10, 2021), no official patch or firmware update has been released to address this issue. Users are advised to monitor NETGEAR's support page for future updates and consider restricting network access to the management interface as a workaround [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

1
