Details of VAR-202010-0587

ID

VAR-202010-0587

CVE

CVE-2020-26921

TITLE

plural NETGEAR Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-012117

DESCRIPTION

Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3. plural NETGEAR The product contains unspecified vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR XS512EM, etc. are all products of NETGEAR. NETGEAR XS512EM is a switch. NETGEAR XS724EM is a switch. NETGEAR GS810EMX is an Ethernet switch. Certain NETGEAR devices GS110EMX version before 1.0.1.7, GS810EMX version before 1.7.1.3, XS512EM version before 1.0.1.3, and XS724EM version before 1.0.1.3 have security vulnerabilities, which are caused by the lack of identity verification measures or identity verification in network systems or products Insufficient strength

Trust: 2.16

sources: NVD: CVE-2020-26921 // JVNDB: JVNDB-2020-012117 // CNVD: CNVD-2020-58122

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-58122

AFFECTED PRODUCTS

vendor:	netgear	model:	gs810emx	scope:	lt	version:	1.7.1.3	Trust: 1.6
vendor:	netgear	model:	xs512em	scope:	lt	version:	1.0.1.3	Trust: 1.6
vendor:	netgear	model:	xs724em	scope:	lt	version:	1.0.1.3	Trust: 1.6
vendor:	netgear	model:	gs110emx	scope:	lt	version:	1.0.1.7	Trust: 1.0
vendor:	ネットギア	model:	gs110emx	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs810emx	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	xs512em	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	xs724em	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	certain netgear devices gs110emx	scope:	lt	version:	1.0.1.7	Trust: 0.6

sources: CNVD: CNVD-2020-58122 // JVNDB: JVNDB-2020-012117 // NVD: CVE-2020-26921

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26921
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2020-26921
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-26921
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-58122
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202010-352
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-26921
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-58122
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-26921
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-26921
baseSeverity:	HIGH
baseScore:	8.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.5
version:	3.1
Trust: 1.0
NVD:	CVE-2020-26921
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-58122 // JVNDB: JVNDB-2020-012117 // CNNVD: CNNVD-202010-352 // NVD: CVE-2020-26921 // NVD: CVE-2020-26921

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012117 // NVD: CVE-2020-26921

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-352

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-352

PATCH

title:	Security Advisory for Authentication Bypass on Some Smart Managed Plus Switches, PSV-2020-0305	url:	https://kb.netgear.com/000062332/Security-Advisory-for-Authentication-Bypass-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0305	Trust: 0.8
title:	Patch for Certain NETGEAR devices GS110EMX authentication vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/237394	Trust: 0.6
title:	Multiple NETGEAR Repair measures for device security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131138	Trust: 0.6

sources: CNVD: CNVD-2020-58122 // JVNDB: JVNDB-2020-012117 // CNNVD: CNNVD-202010-352

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26921	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-012117	Trust: 0.8
db:	CNVD	id:	CNVD-2020-58122	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-352	Trust: 0.6

sources: CNVD: CNVD-2020-58122 // JVNDB: JVNDB-2020-012117 // CNNVD: CNNVD-202010-352 // NVD: CVE-2020-26921

REFERENCES

url:	https://kb.netgear.com/000062332/security-advisory-for-authentication-bypass-on-some-smart-managed-plus-switches-psv-2020-0305	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26921	Trust: 1.4

sources: CNVD: CNVD-2020-58122 // JVNDB: JVNDB-2020-012117 // CNNVD: CNNVD-202010-352 // NVD: CVE-2020-26921

SOURCES

db:	CNVD	id:	CNVD-2020-58122
db:	JVNDB	id:	JVNDB-2020-012117
db:	CNNVD	id:	CNNVD-202010-352
db:	NVD	id:	CVE-2020-26921

LAST UPDATE DATE

2024-11-23T22:21:01.482000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-58122	date:	2020-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-012117	date:	2021-04-26T03:13:00
db:	CNNVD	id:	CNNVD-202010-352	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-26921	date:	2024-11-21T05:20:30.073

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-58122	date:	2020-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-012117	date:	2021-04-26T00:00:00
db:	CNNVD	id:	CNNVD-202010-352	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2020-26921	date:	2020-10-09T07:15:17.760