Details of VAR-202012-1137

ID

VAR-202012-1137

CVE

CVE-2020-35783

TITLE

plural NETGEAR device Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-015073

DESCRIPTION

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests. plural NETGEAR device Contains an unspecified vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-35783 // JVNDB: JVNDB-2020-015073

AFFECTED PRODUCTS

vendor:	netgear	model:	jgs524e	scope:	lt	version:	2.6.0.48	Trust: 1.0
vendor:	netgear	model:	jgs524pe	scope:	lt	version:	2.6.0.48	Trust: 1.0
vendor:	netgear	model:	gs116e	scope:	lt	version:	2.6.0.48	Trust: 1.0
vendor:	netgear	model:	jgs516pe	scope:	lt	version:	2.6.0.48	Trust: 1.0
vendor:	ネットギア	model:	jgs524pe	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jgs524e	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jgs516pe	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs116e	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-015073 // NVD: CVE-2020-35783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35783
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2020-35783
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-35783
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202012-1743
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-35783
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-35783
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-015073
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-015073 // CNNVD: CNNVD-202012-1743 // NVD: CVE-2020-35783 // NVD: CVE-2020-35783

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-015073 // NVD: CVE-2020-35783

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1743

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202012-1743

PATCH

title:	Security Advisory for Missing Function Level Access Control on Some Smart Managed Plus Switches, PSV-2020-0383	url:	https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383	Trust: 0.8
title:	Multiple Netgear Product access control error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138266	Trust: 0.6

sources: JVNDB: JVNDB-2020-015073 // CNNVD: CNNVD-202012-1743

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35783	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-015073	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-1743	Trust: 0.6

sources: JVNDB: JVNDB-2020-015073 // CNNVD: CNNVD-202012-1743 // NVD: CVE-2020-35783

REFERENCES

url:	https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/	Trust: 1.6
url:	https://kb.netgear.com/000062637/security-advisory-for-missing-function-level-access-control-on-some-smart-managed-plus-switches-psv-2020-0383	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35783	Trust: 1.4

sources: JVNDB: JVNDB-2020-015073 // CNNVD: CNNVD-202012-1743 // NVD: CVE-2020-35783

SOURCES

db:	JVNDB	id:	JVNDB-2020-015073
db:	CNNVD	id:	CNNVD-202012-1743
db:	NVD	id:	CVE-2020-35783

LAST UPDATE DATE

2024-11-23T21:51:07.359000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-015073	date:	2021-09-09T07:46:00
db:	CNNVD	id:	CNNVD-202012-1743	date:	2021-03-24T00:00:00
db:	NVD	id:	CVE-2020-35783	date:	2024-11-21T05:28:05.050

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-015073	date:	2021-09-09T00:00:00
db:	CNNVD	id:	CNNVD-202012-1743	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-35783	date:	2020-12-30T00:15:13.267