VYPR
Unrated severity · NVD Advisory · Published Dec 29, 2020 · Updated Aug 4, 2024

CVE-2020-35784

Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing function-level access control in several NETGEAR smart managed plus switches allows authenticated administrators to bypass intended restrictions.

Vulnerability

A missing function-level access control vulnerability affects several NETGEAR Smart Managed Plus Switch models. The affected devices are JGS516PE, JGS524PE, JGS524Ev2, and GS116Ev2 running firmware versions prior to 2.6.0.48. The flaw allows users with administrative access to perform actions that should be restricted, due to inadequate enforcement of permissions at the function level.

Exploitation

An attacker needs administrative access to the device's web-based management interface. Beyond valid admin credentials, no special network position or user interaction is required. The attacker can then access functions that are not properly protected, bypassing intended access controls [1].

Impact

Successful exploitation could allow an authenticated administrator to gain unauthorized access to administrative functions, potentially leading to information disclosure (high confidentiality impact), modification of device configuration or data (high integrity impact), and limited disruption of service (low availability impact). The CVSS v3 score is 6.2 (Medium) [1].

Mitigation

NETGEAR has released fixed firmware version 2.6.0.48 for all affected models. Users should download and install the latest firmware from the NETGEAR Support website. There are no known workarounds; updating to the patched version is the recommended mitigation [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

References

1
