PT-2021-2392 · NetGear · Netgear Prosafe Plus Gs116Ev2 +1
Published: 2021-03-08 · Updated: 2021-03-16 · CVE-2020-35232
CVSS v2.0: 7.8 (High)
Vector: AV:A/AC:L/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Netgear ProSafe Plus JGS516PE version 2.6.0.43
Netgear ProSAFE Plus GS116Ev2 version 2.6.0.43
Description:
The issue is related to the implementation of the firmware update mechanism in Netgear devices, which lacks proper input validation. This allows a remote attacker to elevate their privileges and write arbitrary data to internal memory.
Recommendations:
For Netgear ProSafe Plus JGS516PE version 2.6.0.43, update the firmware to a version that properly implements firmware validations.
For Netgear ProSAFE Plus GS116Ev2 version 2.6.0.43, update the firmware to a version that properly implements firmware validations.
As a temporary workaround, consider restricting access to the TFTP firmware update mechanism until a patch is available.
Affected Products
Netgear Prosafe Plus Gs116Ev2
Netgear Prosafe Plus Jgs516Pe