Details of VAR-202010-0585

ID

VAR-202010-0585

CVE

CVE-2020-26919

TITLE

NETGEAR JGS516PE Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-012278

DESCRIPTION

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. NETGEAR JGS516PE An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-26919 // JVNDB: JVNDB-2020-012278 // VULMON: CVE-2020-26919

AFFECTED PRODUCTS

vendor:	netgear	model:	jgs516pe	scope:	lt	version:	2.6.0.43	Trust: 1.0
vendor:	ネットギア	model:	jgs516pe	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jgs516pe	scope:	lt	version:	jgs516pe firmware 2.6.0.43 less than	Trust: 0.8

sources: JVNDB: JVNDB-2020-012278 // NVD: CVE-2020-26919

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26919
value:	CRITICAL
Trust: 1.0
cve@mitre.org:	CVE-2020-26919
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-26919
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202010-350
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2020-26919
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-26919
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2020-26919
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-012278
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-26919 // JVNDB: JVNDB-2020-012278 // CNNVD: CNNVD-202010-350 // NVD: CVE-2020-26919 // NVD: CVE-2020-26919

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Other (CWE-Other) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012278 // NVD: CVE-2020-26919

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-350

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-350

PATCH

title:	Security Advisory for Missing Function Level Access Control on JGS516PE, PSV-2020-0377	url:	https://kb.netgear.com/000062334/Security-Advisory-for-Missing-Function-Level-Access-Control-on-JGS516PE-PSV-2020-0377	Trust: 0.8
title:	NETGEAR JGS516PE Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131137	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2021/03/11/netgear_jgs516pe_switch_15_vulns/	Trust: 0.2
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1
title:	Kenzer Templates [5170] [DEPRECATED]	url:	https://github.com/ARPSyndicate/kenzer-templates	Trust: 0.1

sources: VULMON: CVE-2020-26919 // JVNDB: JVNDB-2020-012278 // CNNVD: CNNVD-202010-350

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26919	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-012278	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-350	Trust: 0.6
db:	VULMON	id:	CVE-2020-26919	Trust: 0.1

sources: VULMON: CVE-2020-26919 // JVNDB: JVNDB-2020-012278 // CNNVD: CNNVD-202010-350 // NVD: CVE-2020-26919

REFERENCES

url:	https://kb.netgear.com/000062334/security-advisory-for-missing-function-level-access-control-on-jgs516pe-psv-2020-0377	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26919	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.theregister.co.uk/2021/03/11/netgear_jgs516pe_switch_15_vulns/	Trust: 0.1
url:	https://github.com/ostorlab/kev	Trust: 0.1

sources: VULMON: CVE-2020-26919 // JVNDB: JVNDB-2020-012278 // CNNVD: CNNVD-202010-350 // NVD: CVE-2020-26919

SOURCES

db:	VULMON	id:	CVE-2020-26919
db:	JVNDB	id:	JVNDB-2020-012278
db:	CNNVD	id:	CNNVD-202010-350
db:	NVD	id:	CVE-2020-26919

LAST UPDATE DATE

2024-08-14T14:18:45.789000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-26919	date:	2020-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-012278	date:	2021-04-28T07:36:00
db:	CNNVD	id:	CNNVD-202010-350	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-26919	date:	2020-10-19T14:23:53.627

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-26919	date:	2020-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-012278	date:	2021-04-28T00:00:00
db:	CNNVD	id:	CNNVD-202010-350	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2020-26919	date:	2020-10-09T07:15:17.607