CVE-2020-35784

MEDIUM

NETGEAR JGS516PE JGS524PE JGS524Ev2 GS116Ev2 < 2.6.0.48 - Missing Function-Level Access Control

Title source: llm

Description

Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396

Scores

CVSS v3 6.2

EPSS 0.0031

EPSS Percentile 54.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Details

Status published

Products (4)

netgear/gs116e_firmware < 2.6.0.48

netgear/jgs516pe_firmware < 2.6.0.48

netgear/jgs524e_firmware < 2.6.0.48

netgear/jgs524pe_firmware < 2.6.0.48

Published Dec 30, 2020

Tracked Since Feb 18, 2026