{"vulnerability": "CVE-2020-3522", "sightings": [{"uuid": "4783a5c3-f2c7-4ecd-8aa9-d86fc485f251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35227", "type": "seen", "source": "https://t.me/cibsecurity/24734", "content": "\u203c CVE-2020-35227 \u203c\n\nA buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-10T22:53:15.000000Z"}, {"uuid": "74b4b2ea-cd99-4242-89a4-f99267a408b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35229", "type": "seen", "source": "https://t.me/cibsecurity/24739", "content": "\u203c CVE-2020-35229 \u203c\n\nThe authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-10T22:53:20.000000Z"}, {"uuid": "99c4b660-7242-466e-8f92-9e7bdc34fffd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35228", "type": "seen", "source": "https://t.me/cibsecurity/24735", "content": "\u203c CVE-2020-35228 \u203c\n\nA cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-10T22:53:16.000000Z"}, {"uuid": "a6112bd9-db8f-4751-b775-1f862fb6959a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35226", "type": "seen", "source": "https://t.me/cibsecurity/24733", "content": "\u203c CVE-2020-35226 \u203c\n\nNETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-10T22:53:14.000000Z"}, {"uuid": "7fa92b28-bcb4-4fbe-952f-55ad72691b18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35222", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2861", "content": "#Hardware_Security\nMultiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE/GS116Ev2 Switches (PoCs)\nhttps://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches\n// - Unauthenticated RCE (CVE-2020-26919)\n- NSDP Auth Bypass (CVE-2020-35231)\n- Unauth Firmware Upd Mechanism (CVE-2020-35220)\n- TFTP Ineffective Firmware Checks (CVE-2020-35232)\n- Unauth BoF (CVE-2020-35224)\n- Insecure Password Hashing Mechanism (CVE-2020-35221)\n- Authentication Token Reuse (CVE-2020-35229)\n- Stored XSS in Language Settings (CVE-2020-35228)\n- Buffer Overflow in IP Source Params (CVE-2020-35227)\n- Unauthenticated Write Access to DHCP Configuration (CVE-2020-35226)\n- Unauthenticated Access to Switch Configuration Parameters (CVE-2020-35222)\n- TFTP Unexpected Behaviours (CVE-2020-35233)\n- Multiple Integer Overflow Instances (CVE-2020-35230)\n- Multiple Write Commands BoF (CVE-2020-35225)\n- Ineffective CSRF Protections (CVE-2020-35223)", "creation_timestamp": "2024-10-09T19:00:25.000000Z"}, {"uuid": "b01b87bc-e547-49a5-9ca0-cfcf035069e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35228", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2861", "content": "#Hardware_Security\nMultiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE/GS116Ev2 Switches (PoCs)\nhttps://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches\n// - Unauthenticated RCE (CVE-2020-26919)\n- NSDP Auth Bypass (CVE-2020-35231)\n- Unauth Firmware Upd Mechanism (CVE-2020-35220)\n- TFTP Ineffective Firmware Checks (CVE-2020-35232)\n- Unauth BoF (CVE-2020-35224)\n- Insecure Password Hashing Mechanism (CVE-2020-35221)\n- Authentication Token Reuse (CVE-2020-35229)\n- Stored XSS in Language Settings (CVE-2020-35228)\n- Buffer Overflow in IP Source Params (CVE-2020-35227)\n- Unauthenticated Write Access to DHCP Configuration (CVE-2020-35226)\n- Unauthenticated Access to Switch Configuration Parameters (CVE-2020-35222)\n- TFTP Unexpected Behaviours (CVE-2020-35233)\n- Multiple Integer Overflow Instances (CVE-2020-35230)\n- Multiple Write Commands BoF (CVE-2020-35225)\n- Ineffective CSRF Protections (CVE-2020-35223)", "creation_timestamp": "2024-10-09T19:00:25.000000Z"}, {"uuid": "3df8d49e-370b-49ee-a05c-1d3d6c0c8c70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35229", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2861", "content": "#Hardware_Security\nMultiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE/GS116Ev2 Switches (PoCs)\nhttps://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches\n// - Unauthenticated RCE (CVE-2020-26919)\n- NSDP Auth Bypass (CVE-2020-35231)\n- Unauth Firmware Upd Mechanism (CVE-2020-35220)\n- TFTP Ineffective Firmware Checks (CVE-2020-35232)\n- Unauth BoF (CVE-2020-35224)\n- Insecure Password Hashing Mechanism (CVE-2020-35221)\n- Authentication Token Reuse (CVE-2020-35229)\n- Stored XSS in Language Settings (CVE-2020-35228)\n- Buffer Overflow in IP Source Params (CVE-2020-35227)\n- Unauthenticated Write Access to DHCP Configuration (CVE-2020-35226)\n- Unauthenticated Access to Switch Configuration Parameters (CVE-2020-35222)\n- TFTP Unexpected Behaviours (CVE-2020-35233)\n- Multiple Integer Overflow Instances (CVE-2020-35230)\n- Multiple Write Commands BoF (CVE-2020-35225)\n- Ineffective CSRF Protections (CVE-2020-35223)", "creation_timestamp": "2024-10-09T19:00:25.000000Z"}, {"uuid": "73e31278-e7ee-4340-980a-b828c15cfcf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35225", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2861", "content": "#Hardware_Security\nMultiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE/GS116Ev2 Switches (PoCs)\nhttps://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches\n// - Unauthenticated RCE (CVE-2020-26919)\n- NSDP Auth Bypass (CVE-2020-35231)\n- Unauth Firmware Upd Mechanism (CVE-2020-35220)\n- TFTP Ineffective Firmware Checks (CVE-2020-35232)\n- Unauth BoF (CVE-2020-35224)\n- Insecure Password Hashing Mechanism (CVE-2020-35221)\n- Authentication Token Reuse (CVE-2020-35229)\n- Stored XSS in Language Settings (CVE-2020-35228)\n- Buffer Overflow in IP Source Params (CVE-2020-35227)\n- Unauthenticated Write Access to DHCP Configuration (CVE-2020-35226)\n- Unauthenticated Access to Switch Configuration Parameters (CVE-2020-35222)\n- TFTP Unexpected Behaviours (CVE-2020-35233)\n- Multiple Integer Overflow Instances (CVE-2020-35230)\n- Multiple Write Commands BoF (CVE-2020-35225)\n- Ineffective CSRF Protections (CVE-2020-35223)", "creation_timestamp": "2024-10-09T19:00:25.000000Z"}, {"uuid": "033a5cbb-b86a-4fd7-b087-061634d40c05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35220", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2861", "content": "#Hardware_Security\nMultiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE/GS116Ev2 Switches (PoCs)\nhttps://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches\n// - Unauthenticated RCE (CVE-2020-26919)\n- NSDP Auth Bypass (CVE-2020-35231)\n- Unauth Firmware Upd Mechanism (CVE-2020-35220)\n- TFTP Ineffective Firmware Checks (CVE-2020-35232)\n- Unauth BoF (CVE-2020-35224)\n- Insecure Password Hashing Mechanism (CVE-2020-35221)\n- Authentication Token Reuse (CVE-2020-35229)\n- Stored XSS in Language Settings (CVE-2020-35228)\n- Buffer Overflow in IP Source Params (CVE-2020-35227)\n- Unauthenticated Write Access to DHCP Configuration (CVE-2020-35226)\n- Unauthenticated Access to Switch Configuration Parameters (CVE-2020-35222)\n- TFTP Unexpected Behaviours (CVE-2020-35233)\n- Multiple Integer Overflow Instances (CVE-2020-35230)\n- Multiple Write Commands BoF (CVE-2020-35225)\n- Ineffective CSRF Protections (CVE-2020-35223)", "creation_timestamp": "2024-10-09T19:00:25.000000Z"}, {"uuid": "d0f8f6c0-a096-485d-8ed2-7f433e7a5a07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35223", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2861", "content": "#Hardware_Security\nMultiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE/GS116Ev2 Switches (PoCs)\nhttps://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches\n// - Unauthenticated RCE (CVE-2020-26919)\n- NSDP Auth Bypass (CVE-2020-35231)\n- Unauth Firmware Upd Mechanism (CVE-2020-35220)\n- TFTP Ineffective Firmware Checks (CVE-2020-35232)\n- Unauth BoF (CVE-2020-35224)\n- Insecure Password Hashing Mechanism (CVE-2020-35221)\n- Authentication Token Reuse (CVE-2020-35229)\n- Stored XSS in Language Settings (CVE-2020-35228)\n- Buffer Overflow in IP Source Params (CVE-2020-35227)\n- Unauthenticated Write Access to DHCP Configuration (CVE-2020-35226)\n- Unauthenticated Access to Switch Configuration Parameters (CVE-2020-35222)\n- TFTP Unexpected Behaviours (CVE-2020-35233)\n- Multiple Integer Overflow Instances (CVE-2020-35230)\n- Multiple Write Commands BoF (CVE-2020-35225)\n- Ineffective CSRF Protections (CVE-2020-35223)", "creation_timestamp": "2024-10-09T19:00:25.000000Z"}, {"uuid": "9f279137-c308-488e-9b74-77dfc2a1559c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35227", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2861", "content": "#Hardware_Security\nMultiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE/GS116Ev2 Switches (PoCs)\nhttps://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches\n// - Unauthenticated RCE (CVE-2020-26919)\n- NSDP Auth Bypass (CVE-2020-35231)\n- Unauth Firmware Upd Mechanism (CVE-2020-35220)\n- TFTP Ineffective Firmware Checks (CVE-2020-35232)\n- Unauth BoF (CVE-2020-35224)\n- Insecure Password Hashing Mechanism (CVE-2020-35221)\n- Authentication Token Reuse (CVE-2020-35229)\n- Stored XSS in Language Settings (CVE-2020-35228)\n- Buffer Overflow in IP Source Params (CVE-2020-35227)\n- Unauthenticated Write Access to DHCP Configuration (CVE-2020-35226)\n- Unauthenticated Access to Switch Configuration Parameters (CVE-2020-35222)\n- TFTP Unexpected Behaviours (CVE-2020-35233)\n- Multiple Integer Overflow Instances (CVE-2020-35230)\n- Multiple Write Commands BoF (CVE-2020-35225)\n- Ineffective CSRF Protections (CVE-2020-35223)", "creation_timestamp": "2024-10-09T19:00:25.000000Z"}, {"uuid": "d2a008b6-a3ca-47e4-b075-eb5e7e9df91b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35226", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2861", "content": "#Hardware_Security\nMultiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE/GS116Ev2 Switches (PoCs)\nhttps://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches\n// - Unauthenticated RCE (CVE-2020-26919)\n- NSDP Auth Bypass (CVE-2020-35231)\n- Unauth Firmware Upd Mechanism (CVE-2020-35220)\n- TFTP Ineffective Firmware Checks (CVE-2020-35232)\n- Unauth BoF (CVE-2020-35224)\n- Insecure Password Hashing Mechanism (CVE-2020-35221)\n- Authentication Token Reuse (CVE-2020-35229)\n- Stored XSS in Language Settings (CVE-2020-35228)\n- Buffer Overflow in IP Source Params (CVE-2020-35227)\n- Unauthenticated Write Access to DHCP Configuration (CVE-2020-35226)\n- Unauthenticated Access to Switch Configuration Parameters (CVE-2020-35222)\n- TFTP Unexpected Behaviours (CVE-2020-35233)\n- Multiple Integer Overflow Instances (CVE-2020-35230)\n- Multiple Write Commands BoF (CVE-2020-35225)\n- Ineffective CSRF Protections (CVE-2020-35223)", "creation_timestamp": "2024-10-09T19:00:25.000000Z"}, {"uuid": "190f5c27-f659-405a-8a4d-eefced3956d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35221", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2861", "content": "#Hardware_Security\nMultiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE/GS116Ev2 Switches (PoCs)\nhttps://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches\n// - Unauthenticated RCE (CVE-2020-26919)\n- NSDP Auth Bypass (CVE-2020-35231)\n- Unauth Firmware Upd Mechanism (CVE-2020-35220)\n- TFTP Ineffective Firmware Checks (CVE-2020-35232)\n- Unauth BoF (CVE-2020-35224)\n- Insecure Password Hashing Mechanism (CVE-2020-35221)\n- Authentication Token Reuse (CVE-2020-35229)\n- Stored XSS in Language Settings (CVE-2020-35228)\n- Buffer Overflow in IP Source Params (CVE-2020-35227)\n- Unauthenticated Write Access to DHCP Configuration (CVE-2020-35226)\n- Unauthenticated Access to Switch Configuration Parameters (CVE-2020-35222)\n- TFTP Unexpected Behaviours (CVE-2020-35233)\n- Multiple Integer Overflow Instances (CVE-2020-35230)\n- Multiple Write Commands BoF (CVE-2020-35225)\n- Ineffective CSRF Protections (CVE-2020-35223)", "creation_timestamp": "2024-10-09T19:00:25.000000Z"}, {"uuid": "3cf2365a-e7ec-46d6-87cc-b279dbe6bff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35224", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2861", "content": "#Hardware_Security\nMultiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE/GS116Ev2 Switches (PoCs)\nhttps://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches\n// - Unauthenticated RCE (CVE-2020-26919)\n- NSDP Auth Bypass (CVE-2020-35231)\n- Unauth Firmware Upd Mechanism (CVE-2020-35220)\n- TFTP Ineffective Firmware Checks (CVE-2020-35232)\n- Unauth BoF (CVE-2020-35224)\n- Insecure Password Hashing Mechanism (CVE-2020-35221)\n- Authentication Token Reuse (CVE-2020-35229)\n- Stored XSS in Language Settings (CVE-2020-35228)\n- Buffer Overflow in IP Source Params (CVE-2020-35227)\n- Unauthenticated Write Access to DHCP Configuration (CVE-2020-35226)\n- Unauthenticated Access to Switch Configuration Parameters (CVE-2020-35222)\n- TFTP Unexpected Behaviours (CVE-2020-35233)\n- Multiple Integer Overflow Instances (CVE-2020-35230)\n- Multiple Write Commands BoF (CVE-2020-35225)\n- Ineffective CSRF Protections (CVE-2020-35223)", "creation_timestamp": "2024-10-09T19:00:25.000000Z"}]}