JGS516PE
by Netgear
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-26919 | | | 0.20 | — | 0.94 | KEV | Oct 9, 2020 | NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. |
| CVE-2020-35233 | | | 0.00 | — | 0.00 | | Mar 10, 2021 | The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack. |
| CVE-2020-35231 | | | 0.00 | — | 0.00 | | Mar 10, 2021 | The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device. |
| CVE-2020-35230 | | | 0.00 | — | 0.00 | | Mar 10, 2021 | Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack. |
| CVE-2020-35228 | | | 0.00 | — | 0.00 | | Mar 10, 2021 | A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter. |
| CVE-2020-35227 | | | 0.00 | — | 0.01 | | Mar 10, 2021 | A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command. |
| CVE-2020-35226 | | | 0.00 | — | 0.00 | | Mar 10, 2021 | NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. |
| CVE-2020-35225 | | | 0.00 | — | 0.00 | | Mar 10, 2021 | The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks. |
| CVE-2020-35224 | | | 0.00 | — | 0.01 | | Mar 10, 2021 | A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot. |
| CVE-2020-35223 | | | 0.00 | — | 0.00 | | Mar 10, 2021 | The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests. |
| CVE-2020-35221 | | | 0.00 | — | 0.00 | | Mar 10, 2021 | The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some… |
| CVE-2020-35782 | | | 0.00 | — | 0.00 | | Dec 29, 2020 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware… |
| CVE-2020-35783 | | | 0.00 | — | 0.01 | | Dec 29, 2020 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to… |
| CVE-2020-35784 | | | 0.00 | — | 0.00 | | Dec 29, 2020 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48. |
| CVE-2020-35801 | | | 0.00 | — | 0.01 | | Dec 29, 2020 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote… |
| CVE-2017-18862 | | | 0.00 | — | 0.00 | | Apr 28, 2020 | Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11,… |
| CVE-2020-11791 | | | 0.00 | — | 0.00 | | Apr 15, 2020 | NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS. |