PT-2021-2875 · NetGear · Netgear Jgs516Pe/Gs116Ev2

Published: 2021-03-08 · Updated: 2021-07-21 · CVE-2020-35221

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43

Description

The hashing algorithm used for NSDP password authentication is insecure, allowing attackers with network capture access to generate collisions and infer parts of the original password, or create valid passwords. This issue is related to the implementation of the Netgear Switch Discovery Protocol (NSDP) in the firmware of NETGEAR ProSAFE Plus switches, which contains defects in its hashing algorithm. Exploitation of this issue may allow a remote attacker to elevate their privileges.

Recommendations

For version 2.6.0.43, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Inadequate Encryption Strength

Use of a Broken Cryptographic Algorithm

Insufficiently Protected Credentials

Related Identifiers

BDU:2021-02436
CVE-2020-35221

Affected Products

Netgear Jgs516Pe/Gs116Ev2