Saturday, July 20, 2024

Netgear JGS516PE Ethernet Switch Flaws let Attackers Execute Remote Code

Netgear has published security updates to address 15 vulnerabilities in its JGS516PE Ethernet switch. Among them is an unauthenticated remote code execution vulnerability, which is rated critical.

According to the security researchers, the switch is also affected by nine high-severity vulnerabilities and five medium-severity ones.

The flaws affect firmware versions prior to 2.6.0.43. The researchers state that the bugs lie in the switch's internal web management application.

The switch does not enforce proper access controls, which could allow attackers to bypass authentication and run code with administrator privileges.

Vulnerable Software

Two products are affected:

  • JGS516PE
  • GS116Ev2

Flaws discovered

  • Unauthenticated RCE (CVE-2020-26919): Allows an unauthenticated attacker to bypass authentication and execute arbitrary actions with administrator rights.
    • Risk: Critical
    • CVSS Score: 9.8
    • Mitigation: Immediately update the device firmware to version 2.6.0.43 or later.
  • Improper Authentication (CVE-2020-35231): Enables a remote attacker to bypass the authentication process entirely.
    • Risk: High
    • CVSS Score: 8.1
    • Mitigation: Keep the remote management feature disabled and stop using the "ProSAFE Plus Configuration Utility."
  • Unauthenticated Firmware Update Mechanism (CVE-2020-35220): Allows an unauthenticated attacker to upload specially crafted malicious firmware files without administrator credentials.
    • Risk: High
    • CVSS Score: 8.3
    • Mitigation: Update the firmware of the vulnerable device to version 2.6.0.48 or later.
  • TFTP Ineffective Firmware Checks (CVE-2020-35232): Attackers can exploit this flaw to overwrite the whole memory with custom malicious code via crafted firmware files.
    • Risk: High
    • CVSS Score: 8.1
    • Mitigation: Update the firmware of the vulnerable device to version 2.6.0.48 or later.
  • Cross-site request forgery (CVE-2020-35223): Allows an attacker to conduct cross-site request forgery attacks.
    • Risk: Medium
    • CVSS Score: 6.3
    • Mitigation: Follow secure deployment practices.
  • Buffer overflow (CVE-2020-35225): Enables a remote user to execute arbitrary code on the targeted system.
    • Risk: Medium
    • CVSS Score: 6.4
    • Mitigation: Leave the remote management feature disabled and stop using the "ProSAFE Plus Configuration Utility."
  • Integer overflow (CVE-2020-35230): Allows remote users to cause a denial of service (DoS).
    • Risk: Medium
    • CVSS Score: 6.5
    • Mitigation: Follow strict, secure deployment practices and place the switches behind firewalls.
  • TFTP Unexpected Behaviours (CVE-2020-35233): Allows an attacker to reboot affected systems while they are being updated.
    • Risk: Medium
    • CVSS Score: 6.5
    • Mitigation: Update the affected device firmware to version 2.6.0.48 or later.
  • Information disclosure (CVE-2020-35222): Enables a remote attacker to access potentially sensitive data.
    • Risk: Medium
    • CVSS Score: 6.5
    • Mitigation: Leave the remote management feature disabled and stop using the "ProSAFE Plus Configuration Utility."
  • Improper access control (CVE-2020-35226): Allows an attacker to gain access to restricted functionality.
    • Risk: High
    • CVSS Score: 7.1
    • Mitigation: Keep the remote management feature disabled and, for now, stop using the "ProSAFE Plus Configuration Utility."
  • Buffer overflow (CVE-2020-35227): Enables an attacker to execute arbitrary code on the target system.
    • Risk: High
    • CVSS Score: 7.2
    • Mitigation: Follow secure deployment practices until a fix is available.
  • Stored cross-site scripting (CVE-2020-35228): Enables a remote attacker to perform cross-site scripting (XSS) attacks.
    • Risk: High
    • CVSS Score: 7.2
    • Mitigation: Follow secure deployment practices.
  • Improper Authentication (CVE-2020-35229): Allows an attacker to bypass the authentication process.
    • Risk: High
    • CVSS Score: 7.5
    • Mitigation: Leave the remote management feature disabled and stop using the "ProSAFE Plus Configuration Utility."
  • Insufficiently protected credentials (CVE-2020-35221): Could allow an attacker to compromise the target system.
    • Risk: High
    • CVSS Score: 7.5
    • Mitigation: Leave the remote management feature disabled and stop using the "ProSAFE Plus Configuration Utility."
  • Buffer overflow (CVE-2020-35224): Enables a remote attacker to cause a denial of service (DoS).
    • Risk: High
    • CVSS Score: 8.1
    • Mitigation: No fix is available yet; leave the remote management feature disabled and stop using the "ProSAFE Plus Configuration Utility."
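
The advisory mixes two firmware thresholds (2.6.0.43 for the critical RCE, 2.6.0.48 for the firmware-update and TFTP flaws) with operational-only mitigations for the rest, which makes it easy to mark a switch "patched" too early. The script below is an added example, not code from the article or from Netgear: it turns the list above into an inventory check that parses firmware version strings numerically, reports which of the four firmware-fixable CVEs a device still lacks, and attaches the operational controls the article recommends for the other eleven. It assumes GS116Ev2 units use the same version numbering as the JGS516PE; the device names and versions in the sample inventory are constructed.

```python
"""Inventory triage for the Netgear JGS516PE / GS116Ev2 advisory.

Added example; this is not code from the article or from Netgear. The fix
thresholds encode what the article states: 2.6.0.43 for CVE-2020-26919 and
2.6.0.48 for the firmware-update and TFTP flaws. For the remaining CVEs the
article gives no fixed version and recommends operational mitigations, so
those are reported for every affected model regardless of firmware.
Assumption: GS116Ev2 firmware uses the same version scheme as JGS516PE.
"""

AFFECTED_MODELS = {"JGS516PE", "GS116Ev2"}

# CVE -> firmware version that the article says resolves it.
FIX_VERSIONS = {
    "CVE-2020-26919": (2, 6, 0, 43),
    "CVE-2020-35220": (2, 6, 0, 48),
    "CVE-2020-35232": (2, 6, 0, 48),
    "CVE-2020-35233": (2, 6, 0, 48),
}

# Operational controls the article recommends for flaws without a fix version.
OPERATIONAL_MITIGATIONS = [
    "keep remote management disabled",
    "stop using the ProSAFE Plus Configuration Utility",
    "place the switch behind a firewall and restrict management access",
]


def parse_version(text):
    """Turn '2.6.0.43' (optionally with a leading 'v') into a tuple of ints.

    Tuples compare element-wise, so (2, 6, 0, 9) < (2, 6, 0, 43) as expected,
    which a plain string comparison gets wrong ('2.6.0.9' > '2.6.0.43').
    """
    cleaned = text.strip().lstrip("vV")
    parts = cleaned.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(model, firmware):
    """Return what a single device still needs according to the advisory."""
    result = {
        "model": model,
        "firmware": firmware,
        "affected_model": model in AFFECTED_MODELS,
        "unpatched_cves": [],
        "operational_mitigations": [],
    }
    if not result["affected_model"]:
        return result
    running = parse_version(firmware)
    # A device is unpatched for a CVE when it runs anything below the fix version.
    result["unpatched_cves"] = [
        cve for cve, fixed in FIX_VERSIONS.items() if running < fixed
    ]
    # The article gives no firmware fix for the other eleven CVEs, so the
    # operational controls apply to every affected model, whatever it runs.
    result["operational_mitigations"] = list(OPERATIONAL_MITIGATIONS)
    return result


def triage(inventory):
    """Assess every device and return only those on the affected models."""
    return [
        r for r in (assess(d["model"], d["firmware"]) for d in inventory)
        if r["affected_model"]
    ]


# Constructed sample inventory (names and versions are made up for the demo).
SAMPLE_INVENTORY = [
    {"name": "lab-sw-1", "model": "JGS516PE", "firmware": "2.6.0.9"},
    {"name": "lab-sw-2", "model": "JGS516PE", "firmware": "2.6.0.43"},
    {"name": "lab-sw-3", "model": "GS116Ev2", "firmware": "v2.6.0.48"},
    {"name": "core-sw-1", "model": "GS108E", "firmware": "1.0.0.1"},
]

if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        print(r["model"], r["firmware"],
              "unpatched:", r["unpatched_cves"] or "none",
              "| still apply:", "; ".join(r["operational_mitigations"]))
```

Running the block as a script lists the three affected switches: the 2.6.0.9 unit misses all four firmware-fixable CVEs, the 2.6.0.43 unit is covered for the critical RCE but not for the 2.6.0.48 fixes, and the 2.6.0.48 unit has no outstanding firmware fix but still carries the operational recommendations, because the article offers nothing better for the remaining eleven flaws.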

Any unauthenticated attacker on the local area network (LAN) can exploit these vulnerabilities remotely; according to the researchers, all it takes is a specially crafted request sent to the affected device.

At the time of writing, the researchers have not observed any known malware exploiting these flaws. Netgear has acknowledged the issues and says it is working to identify all of the vulnerabilities and provide mitigations for them.


Gurubaran (https://gbhackers.com)
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.