Details of VAR-202012-1176

ID

VAR-202012-1176

CVE

CVE-2020-35801

TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-014794

DESCRIPTION

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to update the switch firmware. plural NETGEAR An unspecified vulnerability exists in the device.Information is tampered with and denial of service (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-35801 // JVNDB: JVNDB-2020-014794

AFFECTED PRODUCTS

vendor:	netgear	model:	jgs524e	scope:	lt	version:	2.6.0.48	Trust: 1.0
vendor:	netgear	model:	jgs524pe	scope:	lt	version:	2.6.0.48	Trust: 1.0
vendor:	netgear	model:	gs116e	scope:	lt	version:	2.6.0.48	Trust: 1.0
vendor:	netgear	model:	jgs516pe	scope:	lt	version:	2.6.0.48	Trust: 1.0
vendor:	ネットギア	model:	jgs524pe	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jgs524e	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs116e	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jgs516pe	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-014794 // NVD: CVE-2020-35801

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35801
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2020-35801
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-35801
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202012-1736
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-35801
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-35801
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.2
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-35801
baseSeverity:	HIGH
baseScore:	8.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.5
version:	3.1
Trust: 1.0
NVD:	CVE-2020-35801
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-014794 // CNNVD: CNNVD-202012-1736 // NVD: CVE-2020-35801 // NVD: CVE-2020-35801

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014794 // NVD: CVE-2020-35801

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1736

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202012-1736

PATCH

title:

Security Advisory for Security Misconfiguration on Some Smart Managed Plus Switches, PSV-2020-0376

url:

https://kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376

Trust: 0.8

sources: JVNDB: JVNDB-2020-014794

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35801	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-014794	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-1736	Trust: 0.6

sources: JVNDB: JVNDB-2020-014794 // CNNVD: CNNVD-202012-1736 // NVD: CVE-2020-35801

REFERENCES

url:	https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/	Trust: 1.6
url:	https://kb.netgear.com/000062635/security-advisory-for-security-misconfiguration-on-some-smart-managed-plus-switches-psv-2020-0376	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35801	Trust: 1.4

sources: JVNDB: JVNDB-2020-014794 // CNNVD: CNNVD-202012-1736 // NVD: CVE-2020-35801

SOURCES

db:	JVNDB	id:	JVNDB-2020-014794
db:	CNNVD	id:	CNNVD-202012-1736
db:	NVD	id:	CVE-2020-35801

LAST UPDATE DATE

2024-11-23T22:47:44.580000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-014794	date:	2021-08-31T05:14:00
db:	CNNVD	id:	CNNVD-202012-1736	date:	2021-03-24T00:00:00
db:	NVD	id:	CVE-2020-35801	date:	2024-11-21T05:28:08.977

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-014794	date:	2021-08-31T00:00:00
db:	CNNVD	id:	CNNVD-202012-1736	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-35801	date:	2020-12-30T00:15:14.457