{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T07:15:40.905","vulnerabilities":[{"cve":{"id":"CVE-2020-35783","sourceIdentifier":"cve@mitre.org","published":"2020-12-30T00:15:13.267","lastModified":"2024-11-21T05:28:05.050","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests."},{"lang":"es","value":"Determinados dispositivos NETGEAR están afectados por una falta de control de acceso en el nivel de función. Esto afecta a JGS516PE versiones anteriores a 2.6.0.48, GS116Ev2 versiones anteriores a 2.6.0.48, JGS524Ev2 versiones anteriores a 2.6.0.48 y JGS524PE versiones anteriores a 2.6.0.48. La versión del protocolo NSDP permite a los atacantes remotos no autentificados obtener todos los parámetros de configuración del switch enviando las correspondientes peticiones de lectura."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.6.0.48","matchCriteriaId":"83FA56EB-35CD-4A58-8019-C4597AAC0104"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*","matchCriteriaId":"DCBC0DAB-226E-4C95-9818-7758D37EFD10"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:jgs524e_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.6.0.48","matchCriteriaId":"19D0AC3E-87B5-435A-B203-E9759A4A5396"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:jgs524e:v2:*:*:*:*:*:*:*","matchCriteriaId":"CFF899BD-AA1E-4C47-BCFD-5E32F75F538A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:jgs524pe_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.6.0.48","matchCriteriaId":"62D7F6C3-8104-4C7D-AE9D-8C96D40221A3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:jgs524pe:-:*:*:*:*:*:*:*","matchCriteriaId":"D4A32288-19B5-4A8F-B883-FCC326B7032D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:gs116e_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.6.0.48","matchCriteriaId":"9CCEFE31-BAA8-4791-BB66-27D341EAE6C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*","matchCriteriaId":"6DA5EF92-9B28-4C81-8A95-C5BCEC19591A"}]}]}],"references":[{"url":"https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/","source":"cve@mitre.org","tags":["Not Applicable"]},{"url":"https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable"]}]}}]}