Details of VAR-202103-0256

ID

VAR-202103-0256

CVE

CVE-2020-35220

TITLE

NETGEAR JGS516PE/GS116Ev2 firmware update vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-17572

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35801. Reason: This candidate is a reservation duplicate of CVE-2020-35801. Notes: All CVE users should reference CVE-2020-35801 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. NETGEAR JGS516PE/GS116Ev2 2.6.0.43 version has firmware update vulnerability. The vulnerability stems from the fact that the TFTP server is active by default. An attacker can use this vulnerability to update the switch firmware

Trust: 1.44

sources: NVD: CVE-2020-35220 // CNVD: CNVD-2021-17572

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-17572

AFFECTED PRODUCTS

vendor:	netgear	model:	jgs516pe	scope:	eq	version:	2.6.0.43	Trust: 0.6
vendor:	netgear	model:	gs116ev2	scope:	eq	version:	2.6.0.43	Trust: 0.6

sources: CNVD: CNVD-2021-17572

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-17572
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202103-737
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2021-17572
severity:	HIGH
baseScore:	8.0
vectorString:	AV:A/AC:L/AU:N/C:P/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-17572 // CNNVD: CNNVD-202103-737

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-737

PATCH

title:	Patch for NETGEAR JGS516PE/GS116Ev2 firmware update vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/252771	Trust: 0.6
title:	NETGEAR JGS516PE Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144386	Trust: 0.6

sources: CNVD: CNVD-2021-17572 // CNNVD: CNNVD-202103-737

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35220	Trust: 2.2
db:	CNVD	id:	CNVD-2021-17572	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-737	Trust: 0.6

sources: CNVD: CNVD-2021-17572 // CNNVD: CNNVD-202103-737 // NVD: CVE-2020-35220

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-35220	Trust: 1.2
url:	https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/	Trust: 0.6

sources: CNVD: CNVD-2021-17572 // CNNVD: CNNVD-202103-737

SOURCES

db:	CNVD	id:	CNVD-2021-17572
db:	CNNVD	id:	CNNVD-202103-737
db:	NVD	id:	CVE-2020-35220

LAST UPDATE DATE

2024-08-14T13:23:42.847000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-17572	date:	2021-03-15T00:00:00
db:	CNNVD	id:	CNNVD-202103-737	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-35220	date:	2023-11-07T03:21:53.560

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-17572	date:	2021-03-15T00:00:00
db:	CNNVD	id:	CNNVD-202103-737	date:	2021-03-10T00:00:00
db:	NVD	id:	CVE-2020-35220	date:	2021-03-10T18:15:12.877