CVE-2020-35783

MEDIUM

NETGEAR JGS516PE/GS116Ev2/JGS524Ev2/JGS524PE < 2.6.0.48 - Unauthenticated Information Disclosure via NSDP Protocol

Title source: llm

Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383

Not Applicable x_refsource_misc

https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/

Scores

CVSS v3 6.5

EPSS 0.0054

EPSS Percentile 67.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (4)

netgear/gs116e_firmware < 2.6.0.48

netgear/jgs516pe_firmware < 2.6.0.48

netgear/jgs524e_firmware < 2.6.0.48

netgear/jgs524pe_firmware < 2.6.0.48

Published Dec 30, 2020

Tracked Since Feb 18, 2026