How severe is CVE-2020-35223?

CVE-2020-35223 has a CVSS v3 score of 8.8 (HIGH).

CVE-2020-35223

Name: jgs516pe
Author: netgear

8.8HIGH

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.

Опубликовано: 3/10/2021Обновлено: 11/21/2024

Описание

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.

ИИ-АнализНа базе ИИ

Затронутые продукты

netgeargs116e_firmware

2.6.0.43

netgeargs116e

netgearjgs516pe_firmware

2.6.0.43

netgearjgs516pe

Ссылки

https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Vendor Advisory
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Vendor Advisory