Netgear

Gs116e Firmware

18 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2020-35233

  • EPSS 0.1%
  • Published 10.03.2021 19:15:12
  • Last modified 21.11.2024 05:27:04

The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack.

8.8

CVE-2020-35231

  • EPSS 0.13%
  • Published 10.03.2021 19:15:12
  • Last modified 21.11.2024 05:27:04

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device.

6.8

CVE-2020-35230

  • EPSS 0.13%
  • Published 10.03.2021 19:15:12
  • Last modified 21.11.2024 05:27:04

Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack.

8.8

CVE-2020-35229

  • EPSS 0.13%
  • Published 10.03.2021 19:15:12
  • Last modified 21.11.2024 05:27:04

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to e...

4.8

CVE-2020-35228

  • EPSS 0.17%
  • Published 10.03.2021 19:15:12
  • Last modified 21.11.2024 05:27:03

A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter.

7.2

CVE-2020-35227

  • EPSS 0.57%
  • Published 10.03.2021 19:15:12
  • Last modified 21.11.2024 05:27:03

A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete co...

7.1

CVE-2020-35226

  • EPSS 0.49%
  • Published 10.03.2021 19:15:12
  • Last modified 21.11.2024 05:27:03

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.

6.5

CVE-2020-35224

  • EPSS 0.67%
  • Published 10.03.2021 18:15:13
  • Last modified 21.11.2024 05:27:03

A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.

6.8

CVE-2020-35225

  • EPSS 0.13%
  • Published 10.03.2021 18:15:13
  • Last modified 21.11.2024 05:27:03

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks.

8.8

CVE-2020-35223

  • EPSS 0.14%
  • Published 10.03.2021 18:15:13
  • Last modified 21.11.2024 05:27:03

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.