CVE-2020-35783
Description
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR Smart Managed Plus Switches (JGS516PE, GS116Ev2, JGS524Ev2, JGS524PE) versions before 2.6.0.48 allow unauthenticated remote attackers to read all configuration via NSDP protocol due to missing access control.
Vulnerability
Missing function-level access control in the NSDP protocol of certain NETGEAR Smart Managed Plus Switches allows an unauthenticated remote attacker to retrieve all switch configuration parameters. Affected models: JGS516PE, GS116Ev2, JGS524Ev2, JGS524PE, firmware versions prior to 2.6.0.48. [1][2]
Exploitation
An attacker on the same network as the switch can send specially crafted NSDP read requests without authentication. The NSDP protocol does not enforce any access control checks, enabling retrieval of sensitive configuration data. [1]
Impact
Successful exploitation results in full disclosure of the switch configuration, including potentially sensitive network settings, credentials, and other operational parameters. The CVSS v3 score is 6.5 (Medium) with a vector of AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. [2]
Mitigation
NETGEAR released fixed firmware version 2.6.0.48 for all affected models. Users should update to this version or later as soon as possible. [2] No workarounds are documented; installation of the firmware update is the recommended mitigation. [2]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383mitrex_refsource_MISC
- research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.