Details of VAR-202012-1183

ID

VAR-202012-1183

CVE

CVE-2020-35784

TITLE

plural NETGEAR Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-014976

DESCRIPTION

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48. plural NETGEAR An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-35784 // JVNDB: JVNDB-2020-014976

AFFECTED PRODUCTS

vendor:	netgear	model:	jgs524e	scope:	lt	version:	2.6.0.48	Trust: 1.0
vendor:	netgear	model:	jgs524pe	scope:	lt	version:	2.6.0.48	Trust: 1.0
vendor:	netgear	model:	gs116e	scope:	lt	version:	2.6.0.48	Trust: 1.0
vendor:	netgear	model:	jgs516pe	scope:	lt	version:	2.6.0.48	Trust: 1.0
vendor:	ネットギア	model:	gs116e	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jgs524pe	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jgs524e	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	jgs516pe	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-014976 // NVD: CVE-2020-35784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35784
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2020-35784
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-35784
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202012-1746
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-35784
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-35784
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-35784
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	0.7
impactScore:	5.5
version:	3.1
Trust: 1.0
NVD:	CVE-2020-35784
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-014976 // CNNVD: CNNVD-202012-1746 // NVD: CVE-2020-35784 // NVD: CVE-2020-35784

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Other (CWE-Other) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014976 // NVD: CVE-2020-35784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1746

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-1746

PATCH

title:	Security Advisory for Missing Function Level Access Control on Some Smart Managed Plus Switches, PSV-2020-0396	url:	https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396	Trust: 0.8
title:	Certain NETGEAR devices Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138125	Trust: 0.6

sources: JVNDB: JVNDB-2020-014976 // CNNVD: CNNVD-202012-1746

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35784	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-014976	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-1746	Trust: 0.6

sources: JVNDB: JVNDB-2020-014976 // CNNVD: CNNVD-202012-1746 // NVD: CVE-2020-35784

REFERENCES

url:	https://kb.netgear.com/000062638/security-advisory-for-missing-function-level-access-control-on-some-smart-managed-plus-switches-psv-2020-0396	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35784	Trust: 1.4

sources: JVNDB: JVNDB-2020-014976 // CNNVD: CNNVD-202012-1746 // NVD: CVE-2020-35784

SOURCES

db:	JVNDB	id:	JVNDB-2020-014976
db:	CNNVD	id:	CNNVD-202012-1746
db:	NVD	id:	CVE-2020-35784

LAST UPDATE DATE

2024-11-23T23:07:45.599000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-014976	date:	2021-09-07T06:17:00
db:	CNNVD	id:	CNNVD-202012-1746	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-35784	date:	2024-11-21T05:28:05.247

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-014976	date:	2021-09-07T00:00:00
db:	CNNVD	id:	CNNVD-202012-1746	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-35784	date:	2020-12-30T00:15:13.330