6.5
CVE-2020-35783
- EPSS 0.86%
- Veröffentlicht 30.12.2020 00:15:13
- Zuletzt bearbeitet 21.11.2024 05:28:05
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netgear ≫ Jgs516pe Firmware Version < 2.6.0.48
Netgear ≫ Jgs524e Firmware Version < 2.6.0.48
Netgear ≫ Jgs524pe Firmware Version < 2.6.0.48
Netgear ≫ Gs116e Firmware Version < 2.6.0.48
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.86% | 0.728 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| cve@mitre.org | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|