EUVD-2020-22903

Malware in sbrugna...

EUVD-2020-22904

Malware in sbrugna...

CVE-2020-35225

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks...

CVE-2020-35783

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switc...

Multiple NETGEAR Smart Switches Vulnerable to Input Validation Errors

GC108P and other smart switch products from Netgear, U.S.A. Several of Netgear's smart switches are vulnerable to an input validation error, which stems from a failure of the daemon to check for validation when an authentication TLV is missing from an incoming NSDP packet. An unauthenticated...

Authentication flaw

Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the disabled by default /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8....

CVE-2021-40866

Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the disabled by default /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8....

Multiple Write Command Buffer Overflow Vulnerabilities in NETGEAR JGS516PE/GS116Ev2

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A security vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the failure of the NSDP protocol implementation to properly validate the length of string parameters sent i...

NETGEAR JGS516PE/GS116Ev2 NSDP Authentication Bypass Vulnerability

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. An authentication bypass vulnerability exists in the NSDP protocol implementation of the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. An attacker could exploit this vulnerability to bypass access control and take full...

NETGEAR JGS516PE/GS116Ev2 Buffer Overflow Vulnerability (CNVD-2021-17575)

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. A buffer overflow vulnerability exists in the NSDP protocol authentication method in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. An attacker could exploit this vulnerability to cause the device to reboot...

CVE-2020-35225

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks...

CVE-2020-35224

A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot...

CVE-2020-35221

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers with access to a network capture to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original...

Buffer overflow

A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot...

Design/Logic Flaw

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks...

Design/Logic Flaw

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers with access to a network capture to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original...

CVE-2020-35231

The CVE-2020-35231 entry concerns the NETGEAR JGS516PE/GS116Ev2 NSDP protocol implementation (v2.6.0.43) with an authentication bypass that lets a remote attacker bypass access controls and obtain full device control. Multiple sources (NVD, Red Hat, CNVD, CNVD-derived entries) confirm an authenti...

CVE-2020-35231

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device...

CVE-2020-35225

The CVE-2020-35225 affects NETGEAR JGS516PE/GS116Ev2 devices running v2.6.0.43, where the NSDP protocol fails to validate the length of string parameters in write requests, potentially enabling a denial-of-service condition. The exploitation details are not provided in the supplied documents; no ...

CVE-2020-35225

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks...