Sign-up

ID

VAR-202103-0266


CVE

CVE-2020-35230


TITLE

NETGEAR JGS516PE  and  GS116E  Integer overflow vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2020-016288

DESCRIPTION

Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack. NETGEAR JGS516PE and GS116E An integer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch

Trust: 2.16

sources: NVD: CVE-2020-35230 // JVNDB: JVNDB-2020-016288 // CNVD: CNVD-2021-17581

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-17581

AFFECTED PRODUCTS

vendor:netgearmodel:jgs516pescope:eqversion:2.6.0.43

Trust: 1.6

vendor:netgearmodel:gs116escope:eqversion:2.6.0.43

Trust: 1.0

vendor:ネットギアmodel:gs116escope: - version: -

Trust: 0.8

vendor:ネットギアmodel:jgs516pescope: - version: -

Trust: 0.8

vendor:netgearmodel:gs116ev2scope:eqversion:2.6.0.43

Trust: 0.6

sources: CNVD: CNVD-2021-17581 // JVNDB: JVNDB-2020-016288 // NVD: CVE-2020-35230

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-35230
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-35230
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-17581
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202103-732
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-35230
severity: MEDIUM
baseScore: 6.7
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-17581
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-35230
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-35230
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-17581 // JVNDB: JVNDB-2020-016288 // CNNVD: CNNVD-202103-732 // NVD: CVE-2020-35230

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.0

problemtype:Integer overflow or wraparound (CWE-190) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-016288 // NVD: CVE-2020-35230

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-732

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202103-732

PATCH

title:Top Pageurl:https://www.netgear.com/

Trust: 0.8

title:NETGEAR JGS516PE Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144465

Trust: 0.6

sources: JVNDB: JVNDB-2020-016288 // CNNVD: CNNVD-202103-732

EXTERNAL IDS

db:NVDid:CVE-2020-35230

Trust: 3.0

db:JVNDBid:JVNDB-2020-016288

Trust: 0.8

db:CNVDid:CNVD-2021-17581

Trust: 0.6

db:CNNVDid:CNNVD-202103-732

Trust: 0.6

sources: CNVD: CNVD-2021-17581 // JVNDB: JVNDB-2020-016288 // CNNVD: CNNVD-202103-732 // NVD: CVE-2020-35230

REFERENCES

url:https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-35230

Trust: 2.0

sources: CNVD: CNVD-2021-17581 // JVNDB: JVNDB-2020-016288 // CNNVD: CNNVD-202103-732 // NVD: CVE-2020-35230

SOURCES

db:CNVDid:CNVD-2021-17581
db:JVNDBid:JVNDB-2020-016288
db:CNNVDid:CNNVD-202103-732
db:NVDid:CVE-2020-35230

LAST UPDATE DATE

2024-11-23T22:44:15.617000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-17581date:2021-03-15T00:00:00
db:JVNDBid:JVNDB-2020-016288date:2021-11-19T09:03:00
db:CNNVDid:CNNVD-202103-732date:2021-08-16T00:00:00
db:NVDid:CVE-2020-35230date:2024-11-21T05:27:04.280

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-17581date:2021-03-15T00:00:00
db:JVNDBid:JVNDB-2020-016288date:2021-11-19T00:00:00
db:CNNVDid:CNNVD-202103-732date:2021-03-10T00:00:00
db:NVDid:CVE-2020-35230date:2021-03-10T19:15:12.500