Sign-up

ID

VAR-202103-0267


CVE

CVE-2020-35231


TITLE

NETGEAR JGS516PE  and  GS116E  Authentication vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2020-016289

DESCRIPTION

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device. NETGEAR JGS516PE and GS116E There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR JGS516PE/GS116Ev2 is a 16-port gigabit intelligent network management Plus switch

Trust: 2.16

sources: NVD: CVE-2020-35231 // JVNDB: JVNDB-2020-016289 // CNVD: CNVD-2021-17582

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-17582

AFFECTED PRODUCTS

vendor:netgearmodel:jgs516pescope:eqversion:2.6.0.43

Trust: 1.6

vendor:netgearmodel:gs116escope:eqversion:2.6.0.43

Trust: 1.0

vendor:ネットギアmodel:gs116escope: - version: -

Trust: 0.8

vendor:ネットギアmodel:jgs516pescope: - version: -

Trust: 0.8

vendor:netgearmodel:gs116ev2scope:eqversion:2.6.0.43

Trust: 0.6

sources: CNVD: CNVD-2021-17582 // JVNDB: JVNDB-2020-016289 // NVD: CVE-2020-35231

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-35231
value: HIGH

Trust: 1.0

NVD: CVE-2020-35231
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-17582
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202103-731
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-35231
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-17582
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-35231
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-35231
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-17582 // JVNDB: JVNDB-2020-016289 // CNNVD: CNNVD-202103-731 // NVD: CVE-2020-35231

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-016289 // NVD: CVE-2020-35231

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-731

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202103-731

PATCH

title:Top Pageurl:https://www.netgear.com/

Trust: 0.8

title:NETGEAR JGS516PE Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144464

Trust: 0.6

sources: JVNDB: JVNDB-2020-016289 // CNNVD: CNNVD-202103-731

EXTERNAL IDS

db:NVDid:CVE-2020-35231

Trust: 3.0

db:JVNDBid:JVNDB-2020-016289

Trust: 0.8

db:CNVDid:CNVD-2021-17582

Trust: 0.6

db:CNNVDid:CNNVD-202103-731

Trust: 0.6

sources: CNVD: CNVD-2021-17582 // JVNDB: JVNDB-2020-016289 // CNNVD: CNNVD-202103-731 // NVD: CVE-2020-35231

REFERENCES

url:https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-35231

Trust: 2.0

sources: CNVD: CNVD-2021-17582 // JVNDB: JVNDB-2020-016289 // CNNVD: CNNVD-202103-731 // NVD: CVE-2020-35231

SOURCES

db:CNVDid:CNVD-2021-17582
db:JVNDBid:JVNDB-2020-016289
db:CNNVDid:CNNVD-202103-731
db:NVDid:CVE-2020-35231

LAST UPDATE DATE

2024-11-23T23:07:38.717000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-17582date:2021-03-15T00:00:00
db:JVNDBid:JVNDB-2020-016289date:2021-11-19T09:03:00
db:CNNVDid:CNNVD-202103-731date:2021-08-16T00:00:00
db:NVDid:CVE-2020-35231date:2024-11-21T05:27:04.453

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-17582date:2021-03-15T00:00:00
db:JVNDBid:JVNDB-2020-016289date:2021-11-19T00:00:00
db:CNNVDid:CNNVD-202103-731date:2021-03-10T00:00:00
db:NVDid:CVE-2020-35231date:2021-03-10T19:15:12.563