49 matches found
EUVD-2020-23439
Malware in sbrugna...
EUVD-2020-23456
Malware in sbrugna...
Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability
Netgear JGS516PE devices contain a missing function level access control vulnerability...
NETGEAR JGS516PE/GS116Ev2 Cross-Site Scripting Vulnerability
The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A cross-site scripting vulnerability exists in the management web panel of the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...
CVE-2020-35226
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command...
CVE-2020-35228
A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter...
CVE-2020-35231
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device...
CVE-2020-35233
The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack...
CVE-2020-35227
A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices in the administration web panel allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command...
Design/Logic Flaw
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command...
Authentication flaw
The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers with access to network traffic to effectively gain administrative privileges...
CVE-2020-35233
The CVE-2020-35233 issue affects NETGEAR JGS516PE/GS116Ev2 switches (version 2.6.0.43). The root cause is the TFTP server’s inability to properly handle multiple concurrent connections, which can be exploited to trigger a denial-of-service resulting in device reboots. Publicly documented details ...
CVE-2020-35224
A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot...
CVE-2020-35225
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks...
CVE-2020-35230
CVE-2020-35230 affects NETGEAR JGS516PE/GS116Ev2 switches (Web Management Panel). The issue is an integer overflow in multiple web-parameter inputs, enabling a Denial of Service when triggering affected requests. The CVE description and connected advisories confirm the vulnerability exists in v2....
CVE-2020-35229
The CVE-2020-35229 issue affects NETGEAR JGS516PE/GS116Ev2 switches (v2.6.0.43). The root cause is that the authentication token used for NSDP write requests is not properly invalidated and can be reused until a new token is generated, enabling attackers with network access to effectively gain ad...
CVE-2020-35228
CVE-2020-35228 affects NETGEAR JGS516PE/GS116Ev2 switches running v2.6.0.43, where the administration web panel is vulnerable to cross-site scripting via the language parameter. The issue is described as an XSS in the management web interface that could allow attackers to inject arbitrary script/...
CVE-2020-35227
The CVE-2020-35227 entry describes a buffer overflow in the NETGEAR ProSAFE JGS516PE/GS116Ev2 switches (v2.6.0.43) in the admin web panel. The vulnerability affects the access control section, enabling an attacker to inject IP addresses into the whitelist by abusing the checkedList parameter in t...
CVE-2020-35226
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command...
CVE-2020-35226
CVE-2020-35226 affects NETGEAR JGS516PE/GS116Ev2 switches (v2.6.0.43). Affected component: DHCP configuration on the switch. Root cause: unauthenticated write access to DHCP settings, allowing modification via the corresponding write request command. Impact per sources: potential for DHCP configu...