Missing Authentication for Critical Function

CVE-2020-35226

High

7.1/10

Summary

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-306 - Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

Advisory Timeline

Published Mar 10, 2021

Missing Authentication for Critical Function

CVE-2020-35226

Summary

CWE-306 - Missing Authentication for Critical Function

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS