ID

VAR-202010-0585


CVE

CVE-2020-26919


TITLE

NETGEAR JGS516PE  Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-012278

DESCRIPTION

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. NETGEAR JGS516PE An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-26919 // JVNDB: JVNDB-2020-012278 // VULMON: CVE-2020-26919

AFFECTED PRODUCTS

vendor:netgearmodel:jgs516pescope:ltversion:2.6.0.43

Trust: 1.0

vendor:ネットギアmodel:jgs516pescope:eqversion: -

Trust: 0.8

vendor:ネットギアmodel:jgs516pescope:ltversion:jgs516pe firmware 2.6.0.43 less than

Trust: 0.8

sources: JVNDB: JVNDB-2020-012278 // NVD: CVE-2020-26919

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26919
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2020-26919
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-26919
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202010-350
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-26919
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-26919
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-26919
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-012278
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-26919 // JVNDB: JVNDB-2020-012278 // CNNVD: CNNVD-202010-350 // NVD: CVE-2020-26919 // NVD: CVE-2020-26919

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Other (CWE-Other) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012278 // NVD: CVE-2020-26919

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-350

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-350

PATCH

title:Security Advisory for Missing Function Level Access Control on JGS516PE, PSV-2020-0377url:https://kb.netgear.com/000062334/Security-Advisory-for-Missing-Function-Level-Access-Control-on-JGS516PE-PSV-2020-0377

Trust: 0.8

title:NETGEAR JGS516PE Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131137

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2021/03/11/netgear_jgs516pe_switch_15_vulns/

Trust: 0.2

title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV

Trust: 0.1

title:Kenzer Templates [5170] [DEPRECATED]url:https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: VULMON: CVE-2020-26919 // JVNDB: JVNDB-2020-012278 // CNNVD: CNNVD-202010-350

EXTERNAL IDS

db:NVDid:CVE-2020-26919

Trust: 2.5

db:JVNDBid:JVNDB-2020-012278

Trust: 0.8

db:CNNVDid:CNNVD-202010-350

Trust: 0.6

db:VULMONid:CVE-2020-26919

Trust: 0.1

sources: VULMON: CVE-2020-26919 // JVNDB: JVNDB-2020-012278 // CNNVD: CNNVD-202010-350 // NVD: CVE-2020-26919

REFERENCES

url:https://kb.netgear.com/000062334/security-advisory-for-missing-function-level-access-control-on-jgs516pe-psv-2020-0377

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-26919

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.theregister.co.uk/2021/03/11/netgear_jgs516pe_switch_15_vulns/

Trust: 0.1

url:https://github.com/ostorlab/kev

Trust: 0.1

sources: VULMON: CVE-2020-26919 // JVNDB: JVNDB-2020-012278 // CNNVD: CNNVD-202010-350 // NVD: CVE-2020-26919

SOURCES

db:VULMONid:CVE-2020-26919
db:JVNDBid:JVNDB-2020-012278
db:CNNVDid:CNNVD-202010-350
db:NVDid:CVE-2020-26919

LAST UPDATE DATE

2024-08-14T14:18:45.789000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-26919date:2020-10-19T00:00:00
db:JVNDBid:JVNDB-2020-012278date:2021-04-28T07:36:00
db:CNNVDid:CNNVD-202010-350date:2020-10-21T00:00:00
db:NVDid:CVE-2020-26919date:2020-10-19T14:23:53.627

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-26919date:2020-10-09T00:00:00
db:JVNDBid:JVNDB-2020-012278date:2021-04-28T00:00:00
db:CNNVDid:CNNVD-202010-350date:2020-10-09T00:00:00
db:NVDid:CVE-2020-26919date:2020-10-09T07:15:17.607