Wednesday, October 9, 2024

Netgear JGS516PE Ethernet Switch Flaws let Attackers Execute Remote Code


Netgear has published security updates to address 15 severe vulnerabilities in its JGS516PE Ethernet switch. Among them is an unauthenticated remote code execution vulnerability, which is rated critical.

According to the cybersecurity analyst, the switch is also exposed to nine high-severity vulnerabilities and five medium-rated ones.

The critical flaw affects firmware versions prior to 2.6.0.43. The researchers stated that the bug is associated with the switch's internal management web application.

The web application does not correctly enforce access controls, which could enable threat actors to circumvent authentication and run code with the rights of the administrator.

Vulnerable Software

Two products are affected:

  • JGS516PE
  • GS116Ev2

Flaws discovered

  • Unauthenticated RCE (CVE-2020-26919): This flaw allows unauthenticated threat actors to circumvent authentication and execute arbitrary actions with administrator rights.
      • Risk: Critical
      • CVSS Score: 9.8
      • Mitigation: Immediately update the firmware of the device to version 2.6.0.43 or later.
  • Improper Authentication (CVE-2020-35231): This flaw enables a remote threat actor to circumvent all the authentication processes.
      • Risk: High
      • CVSS Score: 8.1
      • Mitigation: Keep the remote management feature disabled and stop using the “Pro Safe Plus Configuration Utility.”
  • Unauthenticated Firmware Update Mechanism (CVE-2020-35220): This vulnerability could allow an unauthenticated attacker to upload specially crafted malicious firmware files without requiring the admin credentials.
      • Risk: High
      • CVSS Score: 8.3
      • Mitigation: Update the firmware of the vulnerable device to version 2.6.0.48 or later.
  • TFTP Ineffective Firmware Checks (CVE-2020-35232): Attackers can exploit this flaw to overwrite the whole memory with their own malicious code via custom firmware files.
      • Risk: High
      • CVSS Score: 8.1
      • Mitigation: Update the firmware of the vulnerable device to version 2.6.0.48 or later.
  • Cross-site request forgery (CVE-2020-35223): This flaw allows threat actors to conduct cross-site request forgery attacks.
      • Risk: Medium
      • CVSS Score: 6.3
      • Mitigation: Follow secure deployment practices.
  • Buffer overflow (CVE-2020-35225): This vulnerability enables a remote user to execute arbitrary code on the targeted system.
      • Risk: Medium
      • CVSS Score: 6.4
      • Mitigation: Leave the remote management feature disabled and stop using the “Pro Safe Plus Configuration Utility.”
  • Integer overflow (CVE-2020-35230): This vulnerability allows remote users to carry out a denial of service (DoS) attack.
      • Risk: Medium
      • CVSS Score: 6.5
      • Mitigation: Follow strict and secure deployment practices, placing the switches behind firewalls.
  • TFTP Unexpected Behaviours (CVE-2020-35233): This flaw allows threat actors to reboot affected systems while they are being updated.
      • Risk: Medium
      • CVSS Score: 6.5
      • Mitigation: The security analysts recommend updating the affected device firmware to version 2.6.0.48 or later.
  • Information disclosure (CVE-2020-35222): This vulnerability enables a remote threat actor to gain access to potentially sensitive data.
      • Risk: Medium
      • CVSS Score: 6.5
      • Mitigation: Leave the remote management feature disabled and stop using the “Pro Safe Plus Configuration Utility.”
  • Improper access control (CVE-2020-35226): This vulnerability lets threat actors gain access to restricted functionality.
      • Risk: High
      • CVSS Score: 7.1
      • Mitigation: Keep the remote management feature disabled and, for now, stop using the “Pro Safe Plus Configuration Utility.”
  • Buffer overflow (CVE-2020-35227): This vulnerability enables users to execute arbitrary code on the target system.
      • Risk: High
      • CVSS Score: 7.2
      • Mitigation: Follow secure deployment practices until a fix is available.
  • Stored cross-site scripting (CVE-2020-35228): This vulnerability enables a remote threat actor to execute cross-site scripting (XSS) attacks.
      • Risk: High
      • CVSS Score: 7.2
      • Mitigation: The researchers recommend only following secure deployment practices.
  • Improper Authentication (CVE-2020-35229): This vulnerability allows threat actors to bypass the authentication process.
      • Risk: High
      • CVSS Score: 7.5
      • Mitigation: Leave the remote management feature disabled and stop using the “Pro Safe Plus Configuration Utility.”
  • Insufficiently protected credentials (CVE-2020-35221): With this vulnerability, threat actors could compromise the target system.
      • Risk: High
      • CVSS Score: 7.5
      • Mitigation: Leave the remote management feature disabled and stop using the “Pro Safe Plus Configuration Utility.”
  • Buffer overflow (CVE-2020-35224): This vulnerability enables a remote attacker to execute a denial of service (DoS) attack.
      • Risk: High
      • CVSS Score: 8.1
      • Mitigation: Since no fix is available, the experts recommend leaving the remote management feature disabled and no longer using the “Pro Safe Plus Configuration Utility.”

An unauthenticated attacker can exploit these vulnerabilities remotely over the local area network (LAN). Exploitation requires nothing more than sending a specially crafted request to the affected system.

The cybersecurity experts affirmed that they have not yet detected any known malware exploiting this flaw. Netgear has acknowledged that it is working to identify all the vulnerabilities and find mitigations for them.
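For defenders tracking these switches, the added example below (not from Netgear or the researchers) triages a device inventory against the firmware thresholds listed above and reports which firmware-fixable CVEs remain open per host. The hostnames and inventory rows are constructed, and it assumes the 2.6.0.43 and 2.6.0.48 thresholds apply to both listed models.

```python
import csv
import io

# Firmware release that fixes each CVE, as stated in the article.
FIXED_IN = {
    "CVE-2020-26919": (2, 6, 0, 43),
    "CVE-2020-35220": (2, 6, 0, 48),
    "CVE-2020-35232": (2, 6, 0, 48),
    "CVE-2020-35233": (2, 6, 0, 48),
}
# Models named in the article (assumption: same thresholds for both).
AFFECTED_MODELS = {"JGS516PE", "GS116EV2"}

# Constructed sample inventory (hypothetical hosts, not real devices).
SAMPLE_INVENTORY = """host,model,firmware
sw-lab-01,JGS516PE,V2.6.0.35
sw-lab-02,JGS516PE,2.6.0.43
sw-lab-03,GS116Ev2,2.6.0.48
sw-lab-04,GS308E,1.0.0.2
sw-lab-05,JGS516PE,unknown
"""

def parse_version(text):
    """Turn 'V2.6.0.43' into (2, 6, 0, 43); return None if malformed."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Map each affected host to the firmware-fixable CVEs still open on it."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().upper() not in AFFECTED_MODELS:
            continue  # model not named in the article
        version = parse_version(row["firmware"])
        if version is None:
            # Unknown firmware is treated as unpatched so it gets reviewed.
            findings[row["host"]] = sorted(FIXED_IN)
            continue
        findings[row["host"]] = sorted(
            cve for cve, fixed in FIXED_IN.items() if version < fixed
        )
    return findings

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(host, "firmware current" if not cves else "update for: " + ", ".join(cves))
```

A host with an empty result is only clear of the firmware-fixed issues; the remaining CVEs in the list still depend on keeping remote management disabled and following secure deployment practices.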


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
