How severe is CVE-2020-35223?

CVE-2020-35223 has a CVSS v3 score of 8.8 (HIGH).

CVE-2020-35223

Name: jgs516pe
Author: netgear

8.8HIGH

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.

Veröffentlicht: 3/10/2021Aktualisiert: 11/21/2024

Beschreibung

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.

KI-AnalyseKI-gestützt

Betroffene Produkte

netgeargs116e_firmware

2.6.0.43

netgeargs116e

netgearjgs516pe_firmware

2.6.0.43

netgearjgs516pe

Referenzen

https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Vendor Advisory
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Vendor Advisory