Multiple vulnerabilities were found in Netgear ProSafe Plus JGS516PE switches that may pose a serious risk to their users. The most critical vulnerability could allow unauthenticated users to gain arbitrary code execution.

The following vulnerabilities were the most relevant identified during the internal research:

- Unauthenticated Remote Code Execution (CVE-2020-26919)
- NSDP Authentication Bypass (CVE-2020-35231)
- Unauthenticated Firmware Update Mechanism (CVE-2020-35220)
- TFTP Ineffective Firmware Checks (CVE-2020-35232)
- Unauthenticated Buffer Overflow (CVE-2020-35224)
- Insecure Password Hashing Mechanism (CVE-2020-35221)
- Authentication Token Reuse (CVE-2020-35229)
- Stored XSS in Language Settings (CVE-2020-35228)
- Buffer Overflow in IP Source Params (CVE-2020-35227)
- Unauthenticated Write Access to DHCP Configuration (CVE-2020-35226)
- Unauthenticated Access to Switch Configuration Parameters (CVE-2020-35222)
- TFTP Unexpected Behaviours (CVE-2020-35233)
- Multiple Integer Overflow Instances (CVE-2020-35230)
- Multiple Write Commands Buffer Overflow (CVE-2020-35225)
- Ineffective Cross Site Request Forgery Protections (CVE-2020-35223)

Netgear reported that most of the vulnerabilities affecting the NSDP protocol were known, as the protocol reached end-of-life years ago, and that it is still enabled for legacy reasons, for customers who preferred to use Prosafe Plus. Furthermore, we were informed that, due to hardware limitations, it is not possible to implement many of the standard encryption protocols, such as those needed to implement HTTPS.

Technical Advisories:

Unauthenticated Remote Code Execution (CVE-2020-26919)

Vendor: Netgear Inc.