Search criteria
6 vulnerabilities found for gs108pe by netgear
VAR-201407-0439
Vulnerability from variot - Updated: 2025-04-12 23:27NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi. Netgear GS105PE Prosafe Plus Switch firmware version 1.2.0.5 contains hard-coded credentials. (CWE-798). An attacker could exploit this vulnerability to bypass the authentication mechanism and access the affected device without authorization. This may aid in further attacks. The vulnerability is caused by the use of a hard-coded password (debugpassword) for the ntgruser account
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0439",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs108pe",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "1.2.0.5"
},
{
"model": "gs108pe",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "gs105pe prosafe plus switch",
"scope": null,
"trust": 0.8,
"vendor": "net gear",
"version": null
},
{
"model": "gs105pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "net gear",
"version": "version 1.2.0.5"
},
{
"model": "gs108pe prosafe plus switch",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "1.2.0.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003154"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-177"
},
{
"db": "NVD",
"id": "CVE-2014-2969"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:netgear:gs105pe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs105pe_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003154"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Olivier Chouinard",
"sources": [
{
"db": "BID",
"id": "68366"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2969",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2014-2969",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 7.8,
"collateralDamagePotential": "LOW",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 1.7,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 6.5,
"id": "CVE-2014-2969",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "UNCOFIRMED",
"severity": "HIGH",
"targetDistribution": "LOW",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:A/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-003154",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-04081",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-70908",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2969",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2969",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-003154",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04081",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-177",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-70908",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143740"
},
{
"db": "CNVD",
"id": "CNVD-2014-04081"
},
{
"db": "VULHUB",
"id": "VHN-70908"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003154"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-177"
},
{
"db": "NVD",
"id": "CVE-2014-2969"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi. Netgear GS105PE Prosafe Plus Switch firmware version 1.2.0.5 contains hard-coded credentials. (CWE-798). An attacker could exploit this vulnerability to bypass the authentication mechanism and access the affected device without authorization. This may aid in further attacks. The vulnerability is caused by the use of a hard-coded password (debugpassword) for the ntgruser account",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2969"
},
{
"db": "CERT/CC",
"id": "VU#143740"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003154"
},
{
"db": "CNVD",
"id": "CNVD-2014-04081"
},
{
"db": "BID",
"id": "68366"
},
{
"db": "VULHUB",
"id": "VHN-70908"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/143740",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143740"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2969",
"trust": 3.4
},
{
"db": "CERT/CC",
"id": "VU#143740",
"trust": 3.3
},
{
"db": "BID",
"id": "68366",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU91918249",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003154",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-177",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-04081",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70908",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143740"
},
{
"db": "CNVD",
"id": "CNVD-2014-04081"
},
{
"db": "VULHUB",
"id": "VHN-70908"
},
{
"db": "BID",
"id": "68366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003154"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-177"
},
{
"db": "NVD",
"id": "CVE-2014-2969"
}
]
},
"id": "VAR-201407-0439",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04081"
},
{
"db": "VULHUB",
"id": "VHN-70908"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04081"
}
]
},
"last_update_date": "2025-04-12T23:27:43.102000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Gigabit Plus Switch Series - GS105PE",
"trust": 0.8,
"url": "http://www.netgear.com/business/products/switches/unmanaged-plus/GS105PE.aspx"
},
{
"title": "GS105PE",
"trust": 0.8,
"url": "http://www.netgear.jp/products/details/GS105PE.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003154"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "CWE-798",
"trust": 0.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143740"
},
{
"db": "VULHUB",
"id": "VHN-70908"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003154"
},
{
"db": "NVD",
"id": "CVE-2014-2969"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/143740"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2969"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91918249/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2969"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68366"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#143740"
},
{
"db": "CNVD",
"id": "CNVD-2014-04081"
},
{
"db": "VULHUB",
"id": "VHN-70908"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003154"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-177"
},
{
"db": "NVD",
"id": "CVE-2014-2969"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#143740"
},
{
"db": "CNVD",
"id": "CNVD-2014-04081"
},
{
"db": "VULHUB",
"id": "VHN-70908"
},
{
"db": "BID",
"id": "68366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003154"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-177"
},
{
"db": "NVD",
"id": "CVE-2014-2969"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-03T00:00:00",
"db": "CERT/CC",
"id": "VU#143740"
},
{
"date": "2014-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04081"
},
{
"date": "2014-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-70908"
},
{
"date": "2014-07-03T00:00:00",
"db": "BID",
"id": "68366"
},
{
"date": "2014-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003154"
},
{
"date": "2014-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-177"
},
{
"date": "2014-07-07T11:01:29.993000",
"db": "NVD",
"id": "CVE-2014-2969"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-08T00:00:00",
"db": "CERT/CC",
"id": "VU#143740"
},
{
"date": "2014-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04081"
},
{
"date": "2014-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-70908"
},
{
"date": "2014-07-03T00:00:00",
"db": "BID",
"id": "68366"
},
{
"date": "2014-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003154"
},
{
"date": "2014-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-177"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-2969"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials",
"sources": [
{
"db": "CERT/CC",
"id": "VU#143740"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-177"
}
],
"trust": 0.6
}
}
VAR-202004-0941
Vulnerability from variot - Updated: 2024-11-23 23:11Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. plural NETGEAR The device contains a vulnerability related to lack of authentication.Information may be obtained and tampered with. NETGEAR GS105E, etc. are all a kind of switchboard of NETGEAR. No detailed vulnerability details are currently available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0941",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fs728tlp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.26"
},
{
"model": "gs105pe",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs110emx",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.4"
},
{
"model": "gs408epp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.15"
},
{
"model": "gs808e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.0.7"
},
{
"model": "gs810emx",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.1.1"
},
{
"model": "gs908e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.0.3"
},
{
"model": "gss108e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gss108epp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.15"
},
{
"model": "gss116e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.9"
},
{
"model": "jgs516pe",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "jgs524pe",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "xs512em",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.1"
},
{
"model": "xs716e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.23"
},
{
"model": "xs724em",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.1"
},
{
"model": "gs724tp",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.1.1.29"
},
{
"model": "gs116e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "gs108pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "xs708e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.6.0.23"
},
{
"model": "gs105e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "jgs524e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "fs728tlp",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.1.26"
},
{
"model": "gs105e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs105pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs108pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs110emx",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.1.4"
},
{
"model": "gs116e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "gs408epp",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.0.15"
},
{
"model": "gs724tp",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.1.1.29"
},
{
"model": "gs808e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.7.0.7"
},
{
"model": "gs105ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108ev3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs108pev3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs116ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "gs724tpv2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.1.1.29"
},
{
"model": "jgs524ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "xs708ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.6.0.23"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:fs728tlp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs105e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs105pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs110emx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs116e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs408epp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs724tp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs808e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
}
]
},
"cve": "CVE-2019-20676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20676",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015469",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-24418",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2019-20676",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2019-20676",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.0,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015469",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20676",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-20676",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015469",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-24418",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1210",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1210"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS724TPv2 before 1.1.1.29, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. plural NETGEAR The device contains a vulnerability related to lack of authentication.Information may be obtained and tampered with. NETGEAR GS105E, etc. are all a kind of switchboard of NETGEAR. No detailed vulnerability details are currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20676"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "CNVD",
"id": "CNVD-2020-24418"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20676",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-24418",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1210",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1210"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"id": "VAR-202004-0941",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
}
],
"trust": 1.3507586008695651
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
}
]
},
"last_update_date": "2024-11-23T23:11:27.368000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Missing Function Level Access Control on Some Switches, PSV-2018-0542",
"trust": 0.8,
"url": "https://kb.netgear.com/000061463/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Switches-PSV-2018-0542"
},
{
"title": "Patch for Multiple NETGEAR product access control error vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/215173"
},
{
"title": "Multiple NETGEAR Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116089"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1210"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20676"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000061463/security-advisory-for-missing-function-level-access-control-on-some-switches-psv-2018-0542"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20676"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1210"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1210"
},
{
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"date": "2020-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1210"
},
{
"date": "2020-04-15T20:15:14.333000",
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-24418"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015469"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1210"
},
{
"date": "2024-11-21T04:39:03.200000",
"db": "NVD",
"id": "CVE-2019-20676"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Vulnerability in lack of authentication on device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1210"
}
],
"trust": 0.6
}
}
VAR-202004-0923
Vulnerability from variot - Updated: 2024-11-23 22:37Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. NETGEAR GS105E, etc. are all a kind of switchboard of NETGEAR
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0923",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fs728tlp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.26"
},
{
"model": "gs105pe",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs110emx",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.4"
},
{
"model": "gs408epp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.15"
},
{
"model": "gs808e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.0.7"
},
{
"model": "gs810emx",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.1.1"
},
{
"model": "gs908e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.7.0.3"
},
{
"model": "gss108e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gss108epp",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.0.15"
},
{
"model": "gss116e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.9"
},
{
"model": "jgs516pe",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "jgs524pe",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "xs512em",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.1"
},
{
"model": "xs716e",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.6.0.23"
},
{
"model": "xs724em",
"scope": "lt",
"trust": 1.6,
"vendor": "netgear",
"version": "1.0.1.1"
},
{
"model": "gs116e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "gs108pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "xs708e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.6.0.23"
},
{
"model": "gs105e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "jgs524e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "fs728tlp",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.1.26"
},
{
"model": "gs105e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs105pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs108pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs110emx",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.1.4"
},
{
"model": "gs116e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "gs408epp",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.0.0.15"
},
{
"model": "gs808e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.7.0.7"
},
{
"model": "gs810emx",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "1.7.1.1"
},
{
"model": "gs105ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108ev3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs108pev3",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs116ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "jgs524ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "xs708ev2",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.6.0.23"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:fs728tlp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs105e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs105pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs110emx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs116e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs408epp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs808e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs810emx_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
}
]
},
"cve": "CVE-2019-20658",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2019-20658",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015468",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2020-27209",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-20658",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-20658",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015468",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20658",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-20658",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015468",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-27209",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1228",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1228"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. NETGEAR GS105E, etc. are all a kind of switchboard of NETGEAR",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20658"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "CNVD",
"id": "CNVD-2020-27209"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20658",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-27209",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1228",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1228"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"id": "VAR-202004-0923",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
}
],
"trust": 1.3394294463636363
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
}
]
},
"last_update_date": "2024-11-23T22:37:25.413000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Sensitive Information Disclosure on Some Switches, PSV-2018-0612",
"trust": 0.8,
"url": "https://kb.netgear.com/000061481/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Switches-PSV-2018-0612"
},
{
"title": "Patch for Multiple NETGEAR product information disclosure vulnerabilities (CNVD-2020-27209)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/216869"
},
{
"title": "Multiple NETGEAR Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116106"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20658"
},
{
"trust": 1.6,
"url": "https://kb.netgear.com/000061481/security-advisory-for-sensitive-information-disclosure-on-some-switches-psv-2018-0612"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20658"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1228"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1228"
},
{
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"date": "2020-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1228"
},
{
"date": "2020-04-15T19:15:13.253000",
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27209"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015468"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1228"
},
{
"date": "2024-11-21T04:38:59.387000",
"db": "NVD",
"id": "CVE-2019-20658"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Information leakage vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015468"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1228"
}
],
"trust": 0.6
}
}
VAR-202004-1334
Vulnerability from variot - Updated: 2024-11-23 22:11Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11. NETGEAR GS105E, etc. are all switches from NETGEAR.
There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to bypass authentication and gain access to switch configuration files and passwords (same subnet). This affects JGS516PE prior to 2017-05-11, JGS524Ev2 prior to 2017-05-11, JGS524PE prior to 2017-05-11, GS105Ev2 prior to 2017-05-11, GS105PE prior to 2017-05-11, GS108Ev3 prior to 2017-05-11, GS108PEv3 prior to 2017-05-11, GS116Ev2 prior to 2017-05-11, GSS108E prior to 2017-05-11, GSS116E prior to 2017-05-11, XS708Ev2 prior to 2017-05-11, and XS716E prior to 2017-05-11
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gss116e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "jgs524e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gs116e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gs108e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "xs716e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gs105e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "xs708e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "jgs516pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gs108pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gs105pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "jgs524pe",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gss108e",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-05-11"
},
{
"model": "gs105e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "gs105pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "gs108e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "gs108pe prosafe plus switch",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "gs116e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "gss108e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "jgs516pe",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "jgs524e",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "jgs524pe",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "2017/05/11"
},
{
"model": "jgs516pe",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "jgs524ev2",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "jgs524pe",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gs105ev2",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gs105pe",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gs108ev3",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gs108pev3",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gs116ev2",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gss108e",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gss116e",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "xs708ev2",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "xs716e",
"scope": "lte",
"trust": 0.6,
"vendor": "netgear",
"version": "\u003c=2017-05-11"
},
{
"model": "gs105e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs105pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gs108e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs108pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.2.0.5"
},
{
"model": "gs108pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.06.08"
},
{
"model": "gs116e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "gss108e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.6.0.4"
},
{
"model": "gss116e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.6.0.9"
},
{
"model": "jgs516pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": null
},
{
"model": "jgs516pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "jgs516pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.6.0.43"
},
{
"model": "jgs524e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "jgs524pe",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "2.6.0.35"
},
{
"model": "xs708e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.6.0.23"
},
{
"model": "xs716e",
"scope": "eq",
"trust": 0.1,
"vendor": "netgear",
"version": "1.6.0.23"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:netgear:gs105e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs105pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs108pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gs116e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:gss108e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:jgs516pe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:jgs524e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netgear:jgs524pe_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
}
]
},
"cve": "CVE-2017-18862",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2017-18862",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-014994",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-83564",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-18862",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-014994",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18862",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2017-014994",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-83564",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2261",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-18862",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
},
{
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11. NETGEAR GS105E, etc. are all switches from NETGEAR. \n\r\n\r\nThere are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to bypass authentication and gain access to switch configuration files and passwords (same subnet). This affects JGS516PE prior to 2017-05-11, JGS524Ev2 prior to 2017-05-11, JGS524PE prior to 2017-05-11, GS105Ev2 prior to 2017-05-11, GS105PE prior to 2017-05-11, GS108Ev3 prior to 2017-05-11, GS108PEv3 prior to 2017-05-11, GS116Ev2 prior to 2017-05-11, GSS108E prior to 2017-05-11, GSS116E prior to 2017-05-11, XS708Ev2 prior to 2017-05-11, and XS716E prior to 2017-05-11",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "VULMON",
"id": "CVE-2017-18862"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18862",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-83564",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2261",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-18862",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
},
{
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"id": "VAR-202004-1334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
}
],
"trust": 1.3910071815384613
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
}
]
},
"last_update_date": "2024-11-23T22:11:30.775000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Authentication Bypass on ProSAFE Web Managed Switches, PSV-2015-0043",
"trust": 0.8,
"url": "https://kb.netgear.com/000037849/Security-Advisory-for-Authentication-Bypass-on-ProSAFE-Web-Managed-Switches-PSV-2015-0043"
},
{
"title": "Patch for Multiple NETGEAR product authorization issues and vulnerabilities (CNVD-2021-83564)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/296276"
},
{
"title": "Multiple NETGEAR Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117353"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18862"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000037849/security-advisory-for-authentication-bypass-on-prosafe-web-managed-switches-psv-2015-0043"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18862"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
},
{
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
},
{
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2261"
},
{
"date": "2020-04-28T16:15:12.683000",
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-83564"
},
{
"date": "2020-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18862"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014994"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2261"
},
{
"date": "2024-11-21T03:21:07.230000",
"db": "NVD",
"id": "CVE-2017-18862"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NETGEAR Product authentication vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014994"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2261"
}
],
"trust": 0.6
}
}
CVE-2014-2969 (GCVE-0-2014-2969)
Vulnerability from nvd – Published: 2014-07-07 10:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#143740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/143740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-07T05:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#143740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/143740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-2969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#143740",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/143740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-2969",
"datePublished": "2014-07-07T10:00:00",
"dateReserved": "2014-04-21T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2969 (GCVE-0-2014-2969)
Vulnerability from cvelistv5 – Published: 2014-07-07 10:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#143740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/143740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-07T05:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#143740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/143740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-2969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#143740",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/143740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-2969",
"datePublished": "2014-07-07T10:00:00",
"dateReserved": "2014-04-21T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}