Patch now! Netgear fixes serious smart switch vulnerabilities

In a security advisory, NetGear has announced it has fixed three vulnerabilities in firmware updates for several network devices. Most of the affected products are smart switches, some of them with cloud management capabilities that allow for configuring and monitoring them over the web. One of t...

Multiple Write Command Buffer Overflow Vulnerabilities in NETGEAR JGS516PE/GS116Ev2

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A security vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the failure of the NSDP protocol implementation to properly validate the length of string parameters sent i...

NETGEAR JGS516PE/GS116Ev2 Arbitrary Data Write Vulnerability

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. An arbitrary data write vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the TFTP firmware update mechanism not properly implementing firmware validation. A remote...

NETGEAR JGS516PE/GS116Ev2 NSDP Authentication Bypass Vulnerability

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. An authentication bypass vulnerability exists in the NSDP protocol implementation of the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. An attacker could exploit this vulnerability to bypass access control and take full...

NETGEAR JGS516PE/GS116Ev2 Integer Overflow Vulnerability

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. An integer overflow vulnerability exists in the Web Management Panel of the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. An attacker could exploit this vulnerability to cause a denial of service...

NETGEAR JGS516PE/GS116Ev2 Buffer Overflow Vulnerability (CNVD-2021-17575)

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A buffer overflow vulnerability exists in the NSDP protocol authentication method in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. An attacker could exploit this vulnerability to cause the device to reboot...

NETGEAR JGS516PE/GS116Ev2 Password Hash Mechanism Insecurity Vulnerability

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A security vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. It allows an external attacker to gain administrative access to the switch...

NETGEAR JGS516PE/GS116Ev2 Denial of Service Vulnerability

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A denial of service vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the TFTP server not being able to handle multiple connections. An attacker could exploit the...

NETGEAR JGS516PE/GS116Ev2 Information Disclosure Vulnerability

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. An information disclosure vulnerability exists in the NSDP protocol implementation of the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. A remote, unauthenticated attacker can exploit this vulnerability by sending a...

Netgear NETGEAR JGS516PE 加密问题漏洞

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A security vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. It allows an external attacker to gain administrative access to the switch...

Netgear NETGEAR JGS516PE 安全漏洞

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. An information disclosure vulnerability exists in the NSDP protocol implementation of the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. A remote, unauthenticated attacker can exploit this vulnerability by sending a...

Netgear NETGEAR JGS516PE 授权问题漏洞

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. An authentication bypass vulnerability exists in the NSDP protocol implementation of the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. An attacker could exploit this vulnerability to bypass access control and take full...

Multiple NETGEAR switching hubs vulnerable to cross-site request forgery

Overview GS716Tv2 and GS724Tv3 switching hubs provided by NETGEAR contain a cross-site request forgery vulnerability. Rei Yano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a malicious page...