Thursday, March 28, 2024

Netgear JGS516PE Ethernet Switch Flaws let Attackers Execute Remote Code

Netgear has recently published security updates to address 15 severe vulnerabilities in its JGS516PE Ethernet switch. They include an unauthenticated remote code execution vulnerability, which is considered critical.

According to the cybersecurity analyst, the switch is exposed to nine high-severity vulnerabilities and five medium-rated ones.

This flaw affects firmware versions prior to 2.6.0.43. The researchers stated that the bug is associated with the internal administration web application.

The switch does not perform proper access controls, which could enable threat actors to circumvent authentication and run code with the rights of the administrator.

Vulnerable Software

Two products are vulnerable, listed below:

  • JGS516PE
  • GS116Ev2

Flaws discovered

  • Unauthenticated RCE (CVE-2020-26919): This flaw allows unauthenticated threat actors to circumvent authentication and execute arbitrary actions with administrator rights.
      • Risk: Critical
      • CVSS Score: 9.8
      • Mitigation: Immediately update the firmware of the device to version 2.6.0.43 or later.
  • Improper Authentication (CVE-2020-35231): This flaw enables a remote threat actor to circumvent all authentication processes.
      • Risk: High
      • CVSS Score: 8.1
      • Mitigation: Keep the remote management feature disabled and stop using the “ProSAFE Plus Configuration Utility.”
  • Unauthenticated Firmware Update Mechanism (CVE-2020-35220): This vulnerability could allow an unauthenticated attacker to upload specially crafted malicious firmware files without requiring admin credentials.
      • Risk: High
      • CVSS Score: 8.3
      • Mitigation: Update the firmware of the vulnerable device to version 2.6.0.48 or later.
  • TFTP Ineffective Firmware Checks (CVE-2020-35232): Attackers can exploit this flaw to overwrite the whole memory with custom malicious code via custom firmware files.
      • Risk: High
      • CVSS Score: 8.1
      • Mitigation: Update the firmware of the vulnerable device to version 2.6.0.48 or later.
  • Cross-site request forgery (CVE-2020-35223): This flaw allows threat actors to conduct cross-site request forgery attacks.
      • Risk: Medium
      • CVSS Score: 6.3
      • Mitigation: Follow sound and secure deployment practices.
  • Buffer overflow (CVE-2020-35225): This vulnerability enables a remote user to execute arbitrary code on the targeted system.
      • Risk: Medium
      • CVSS Score: 6.4
      • Mitigation: Leave the remote management feature disabled and stop using the “ProSAFE Plus Configuration Utility.”
  • Integer overflow (CVE-2020-35230): This vulnerability allows remote users to carry out a denial of service (DoS) attack.
      • Risk: Medium
      • CVSS Score: 6.5
      • Mitigation: Follow strict and secure deployment practices, placing the switches behind firewalls.
  • TFTP Unexpected Behaviours (CVE-2020-35233): This flaw allows threat actors to reboot affected systems while they are being updated.
      • Risk: Medium
      • CVSS Score: 6.5
      • Mitigation: The security analysts recommend updating the affected device firmware to version 2.6.0.48 or later.
  • Information disclosure (CVE-2020-35222): This vulnerability enables a remote threat actor to gain access to potentially sensitive data.
      • Risk: Medium
      • CVSS Score: 6.5
      • Mitigation: Leave the remote management feature disabled and stop using the “ProSAFE Plus Configuration Utility.”
  • Improper access control (CVE-2020-35226): This vulnerability allows threat actors to gain access to restricted functionality.
      • Risk: High
      • CVSS Score: 7.1
      • Mitigation: Keep the remote management feature disabled and, for now, stop using the “ProSAFE Plus Configuration Utility.”
  • Buffer overflow (CVE-2020-35227): This vulnerability enables users to execute arbitrary code on the target system.
      • Risk: High
      • CVSS Score: 7.2
      • Mitigation: Follow secure deployment practices until a fix is available.
  • Stored cross-site scripting (CVE-2020-35228): This vulnerability enables a remote threat actor to execute cross-site scripting (XSS) attacks.
      • Risk: High
      • CVSS Score: 7.2
      • Mitigation: The researchers' only recommendation is to follow secure deployment practices.
  • Improper Authentication (CVE-2020-35229): This vulnerability allows threat actors to bypass the authentication process.
      • Risk: High
      • CVSS Score: 7.5
      • Mitigation: Leave the remote management feature disabled and stop using the “ProSAFE Plus Configuration Utility.”
  • Insufficiently protected credentials (CVE-2020-35221): With this vulnerability, threat actors could compromise the target system.
      • Risk: High
      • CVSS Score: 7.5
      • Mitigation: Leave the remote management feature disabled and stop using the “ProSAFE Plus Configuration Utility.”
  • Buffer overflow (CVE-2020-35224): This vulnerability enables a remote attacker to execute a denial of service (DoS) attack.
      • Risk: High
      • CVSS Score: 8.1
      • Mitigation: Since no fix is available, the experts recommend leaving the remote management feature disabled and not using the “ProSAFE Plus Configuration Utility.”
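
To turn the list above into a patching decision, the following added example (not code from Netgear or the researchers) checks a switch's model and firmware against the fixed-in versions this article gives and separates the CVEs an upgrade closes from those with only a workaround. It assumes the same version thresholds apply to both listed models, which the article does not state per model; the function names and the sample inventory are constructed for illustration.

```python
# Added example: triage switches against the fixes listed in this article.
# CVE ids, CVSS scores and fixed-in versions come from the list above;
# None means the article names only a workaround, not a firmware version.
ADVISORIES = [
    ("CVE-2020-26919", 9.8, "2.6.0.43"),
    ("CVE-2020-35231", 8.1, None),
    ("CVE-2020-35220", 8.3, "2.6.0.48"),
    ("CVE-2020-35232", 8.1, "2.6.0.48"),
    ("CVE-2020-35223", 6.3, None),
    ("CVE-2020-35225", 6.4, None),
    ("CVE-2020-35230", 6.5, None),
    ("CVE-2020-35233", 6.5, "2.6.0.48"),
    ("CVE-2020-35222", 6.5, None),
    ("CVE-2020-35226", 7.1, None),
    ("CVE-2020-35227", 7.2, None),
    ("CVE-2020-35228", 7.2, None),
    ("CVE-2020-35229", 7.5, None),
    ("CVE-2020-35221", 7.5, None),
    ("CVE-2020-35224", 8.1, None),
]
# Assumption: the thresholds above are applied to both models alike.
AFFECTED_MODELS = {"JGS516PE", "GS116Ev2"}

def parse_version(text):
    """'2.6.0.9' -> (2, 6, 0, 9); numeric, so 2.6.0.9 sorts before 2.6.0.43."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def triage(model, firmware):
    """Return (closed_by_upgrade, workaround_only), highest CVSS first."""
    if model not in AFFECTED_MODELS:
        return [], []
    current = parse_version(firmware)
    upgrade, workaround = [], []
    for cve, _score, fixed_in in sorted(ADVISORIES, key=lambda a: -a[1]):
        if fixed_in is None:
            workaround.append(cve)
        elif current < parse_version(fixed_in):
            upgrade.append(cve)
    return upgrade, workaround

def minimum_firmware():
    """Lowest firmware that closes every CVE the article ties to an update."""
    return max((f for _, _, f in ADVISORIES if f), key=parse_version)

if __name__ == "__main__":
    # Constructed inventory for illustration: (hostname, model, firmware).
    inventory = [("sw-lab-01", "JGS516PE", "2.6.0.9"),
                 ("sw-lab-02", "GS116Ev2", "2.6.0.48")]
    for host, model, fw in inventory:
        upgrade, workaround = triage(model, fw)
        print(f"{host} ({fw}): upgrade to {minimum_firmware()} closes {upgrade}; "
              f"{len(workaround)} CVEs need the workarounds listed above")
```

Comparing versions as integer tuples matters here: as plain strings, "2.6.0.9" would sort after "2.6.0.43" and an outdated switch would be reported as patched.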

Apart from this, any unauthenticated attacker can exploit these vulnerabilities remotely through the local area network (LAN). To exploit the flaw, an attacker only has to send a specially crafted request to the affected system.

Moreover, the cybersecurity experts affirmed that they have not yet detected any known malware exploiting this flaw. Netgear has acknowledged that it is working to identify all the vulnerabilities and find mitigations for them.

Guru baran (https://gbhackers.com)
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
