PT-2021-2436 · NetGear · Netgear Prosafe Plus Jgs516Pe+1

Published

2021-03-08

·

Updated

2021-03-17

·

CVE-2020-35231

CVSS v3.1

8.8

High

VectorAV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Netgear ProSafe Plus JGS516PE version 2.6.0.43 Netgear ProSAFE Plus GS116Ev2 version 2.6.0.43
Description: The issue is related to errors in the authentication procedure of the NSDP protocol implementation. This allows a remote attacker to bypass access controls and gain full control of the device.
Recommendations: For Netgear ProSafe Plus JGS516PE version 2.6.0.43, update to a version that fixes the authentication issue in the NSDP protocol implementation. For Netgear ProSAFE Plus GS116Ev2 version 2.6.0.43, update to a version that fixes the authentication issue in the NSDP protocol implementation. As a temporary workaround, consider restricting access to the NSDP protocol implementation until a patch is available.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2021-01692
CVE-2020-35231

Affected Products

Netgear Prosafe Plus Gs116Ev2
Netgear Prosafe Plus Jgs516Pe