Gs116e Firmware@2.6.0.43 Security Vulnerabilities and Issues — Gs116e Firmware@2.6.0.43 CVE List

Lucene search

NetgearGs116e Firmware2.6.0.43

11 matches found

CVE•added 2021/03/10 7:15 p.m.•52 views

CVE-2020-35226

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.

7.1CVSS7AI score0.00487EPSS

CVE•added 2021/03/10 7:15 p.m.•50 views

CVE-2020-35228

A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter.

4.8CVSS5AI score0.00174EPSS

CVE•added 2021/03/10 7:15 p.m.•48 views

CVE-2020-35230

Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack.

6.8CVSS6.7AI score0.00134EPSS

CVE•added 2021/03/10 6:15 p.m.•46 views

CVE-2020-35225

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks.

6.8CVSS6.6AI score0.00126EPSS

CVE•added 2021/03/10 7:15 p.m.•46 views

CVE-2020-35227

A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.

7.2CVSS7.1AI score0.00565EPSS

CVE•added 2021/03/10 7:15 p.m.•45 views

CVE-2020-35229

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.

8.8CVSS9AI score0.00093EPSS

CVE•added 2021/03/10 6:15 p.m.•44 views

CVE-2020-35223

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.

8.8CVSS8.7AI score0.00142EPSS

CVE•added 2021/03/10 6:15 p.m.•44 views

CVE-2020-35224

A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.

6.5CVSS6.9AI score0.00497EPSS

CVE•added 2021/03/10 6:15 p.m.•42 views

CVE-2020-35221

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original.

8.8CVSS8.8AI score0.00032EPSS

CVE•added 2021/03/10 7:15 p.m.•42 views

CVE-2020-35231

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.

8.8CVSS8.8AI score0.00095EPSS

CVE•added 2021/03/10 7:15 p.m.•40 views

CVE-2020-35233

The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack.

6.5CVSS6.4AI score0.00101EPSS