ID

VAR-202103-0257


CVE

CVE-2020-35221


TITLE

Cryptographic strength vulnerabilities in NETGEAR JGS516PE and GS116E devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-016284

DESCRIPTION

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original. NETGEAR JGS516PE and GS116E devices contain a cryptographic strength vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch. Version 2.6.0.43 of NETGEAR JGS516PE/GS116Ev2 has a security vulnerability that allows external attackers to gain administrative access to the switch.

Trust: 2.16

sources: NVD: CVE-2020-35221 // JVNDB: JVNDB-2020-016284 // CNVD: CNVD-2021-17573

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-17573

AFFECTED PRODUCTS

vendor: netgear, model: jgs516pe, scope: eq, version: 2.6.0.43

Trust: 1.6

vendor: netgear, model: gs116e, scope: eq, version: 2.6.0.43

Trust: 1.0

vendor: NETGEAR, model: gs116e, scope: -, version: -

Trust: 0.8

vendor: NETGEAR, model: jgs516pe, scope: -, version: -

Trust: 0.8

vendor: netgear, model: gs116ev2, scope: eq, version: 2.6.0.43

Trust: 0.6

sources: CNVD: CNVD-2021-17573 // JVNDB: JVNDB-2020-016284 // NVD: CVE-2020-35221

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-35221
value: HIGH

Trust: 1.0

NVD: CVE-2020-35221
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-17573
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202103-738
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-35221
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-17573
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-35221
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-35221
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-17573 // JVNDB: JVNDB-2020-016284 // CNNVD: CNNVD-202103-738 // NVD: CVE-2020-35221

PROBLEMTYPE DATA

problemtype: CWE-326

Trust: 1.0

problemtype: Inadequate encryption strength (CWE-326) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-016284 // NVD: CVE-2020-35221

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-738

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202103-738

PATCH

title: Top Page, url: https://www.netgear.com/

Trust: 0.8

title: NETGEAR JGS516PE Fixes for encryption problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144469

Trust: 0.6

sources: JVNDB: JVNDB-2020-016284 // CNNVD: CNNVD-202103-738

EXTERNAL IDS

db: NVD, id: CVE-2020-35221

Trust: 3.0

db: JVNDB, id: JVNDB-2020-016284

Trust: 0.8

db: CNVD, id: CNVD-2021-17573

Trust: 0.6

db: CNNVD, id: CNNVD-202103-738

Trust: 0.6

sources: CNVD: CNVD-2021-17573 // JVNDB: JVNDB-2020-016284 // CNNVD: CNNVD-202103-738 // NVD: CVE-2020-35221

REFERENCES

url: https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2020-35221

Trust: 2.0

sources: CNVD: CNVD-2021-17573 // JVNDB: JVNDB-2020-016284 // CNNVD: CNNVD-202103-738 // NVD: CVE-2020-35221

SOURCES

db: CNVD, id: CNVD-2021-17573
db: JVNDB, id: JVNDB-2020-016284
db: CNNVD, id: CNNVD-202103-738
db: NVD, id: CVE-2020-35221

LAST UPDATE DATE

2024-11-23T21:58:46.983000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-17573, date: 2021-03-15T00:00:00
db: JVNDB, id: JVNDB-2020-016284, date: 2021-11-19T09:03:00
db: CNNVD, id: CNNVD-202103-738, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2020-35221, date: 2024-11-21T05:27:02.817

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-17573, date: 2021-03-15T00:00:00
db: JVNDB, id: JVNDB-2020-016284, date: 2021-11-19T00:00:00
db: CNNVD, id: CNNVD-202103-738, date: 2021-03-10T00:00:00
db: NVD, id: CVE-2020-35221, date: 2021-03-10T18:15:12.937