44 matches found
EUVD-2020-22904
Malware in sbrugna...
CVE-2020-11791
NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS...
CVE-2020-26919
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level...
VulnCheck KEV: CVE-2020-26919
Netgear JGS516PE devices contain a missing function level access control vulnerability...
NETGEAR JGS516PE/GS116Ev2 Unauthenticated Write Access Privilege to DHCP Configuration Vulnerability
The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A security vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. An attacker can exploit the vulnerability to force multiple DHCP requests or disable them, potentially resulting in a denial of service...
NETGEAR JGS516PE/GS116Ev2 Buffer Overflow Vulnerability
The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A buffer overflow vulnerability exists in the access control section of the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. An attacker can exploit this vulnerability by injecting IP addresses into a whitelist via the...
NETGEAR JGS516PE/GS116Ev2 Firmware Update Vulnerability
The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A firmware update vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the TFTP server being active by default. An attacker could exploit this vulnerability to update the...
NETGEAR JGS516PE/GS116Ev2 Authentication Token Reuse Vulnerability
The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. An authentication token reuse vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the authentication token required to perform an NSDP write request not being properly...
CVE-2020-35230
Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack...
CVE-2020-35229
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers with access to network traffic to effectively gain administrative privileges...
CVE-2020-35226
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command...
CVE-2020-35231
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device...
CVE-2020-35229
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers with access to network traffic to effectively gain administrative privileges...
CVE-2020-35228
A cross-site scripting XSS vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter...
Integer overflow
Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack...
Code injection
The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack...
Authentication flaw
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device...
CVE-2020-35223
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests...
CVE-2020-35224
A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot...
CVE-2020-35223
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests...