Multiple vulnerabilities in Netgear ProSAFE Plus networking switches

Published on 16 Mar 2021

Updated on 16 Mar 2021

Netgear has released firmware updates to address multiple vulnerabilities in Netgear ProSAFE Plus networking switches, including an unauthenticated remote code execution vulnerability rated as critical.

The vulnerabilities addressed are:

  • CVE-2020-26919 – Switch internal management web application in Netgear JGS516PE devices before v2.6.0.43 allows an attacker in the local network to bypass authentication and execute actions with administrator privileges.
  • CVE-2020-35220 – Trivial File Transfer Protocol (TFTP) server enabled by default on Netgear JGS516PE/GS116Ev2 v2.6.0.43 devices allows a remote attacker with standard user credentials to upload custom firmware without requiring administrator privileges.
  • CVE-2020-35222 – Netgear Switch Discovery Protocol (NSDP) version implemented on Netgear JGS516PE/GS116Ev2 v2.6.0.43 devices allows a remote unauthenticated attacker to obtain all the switch configuration parameters by sending corresponding read requests.
  • CVE-2020-35232 – Improper firmware validation in the TFTP firmware update mechanism allows an attacker in the local network to write arbitrary data to internal memory.

The following models are affected:

  • JGS516PE running firmware versions prior to 2.6.0.48
  • GS116Ev2 running firmware versions prior to 2.6.0.48
  • JGS524PE running firmware versions prior to 2.6.0.48
  • JGS524Ev2 running firmware versions prior to 2.6.0.48

Administrators using the affected models are strongly advised to apply the latest firmware update as soon as possible.

Administrators who are unable to patch their systems immediately should revert to the default web browser mode and manage the switch via its native web interface. Administrators are encouraged to deploy the switch behind a firewall without exposing it directly to the Internet.

Due to hardware limitations of the affected switches, 11 other reported vulnerabilities are not patched in the latest firmware update. As a workaround, administrators are strongly advised to check for and disable the Plus Utility Support in affected models, as these vulnerabilities are exploitable when this function is enabled in the switches.
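The guidance above can be turned into an inventory check. The following Python is an added example, not part of the original advisory or Netgear tooling. It flags listed models running firmware prior to 2.6.0.48 and any listed model with Plus Utility Support still enabled. The CSV column names, hostnames and the `plus_utility` field are assumptions about how an inventory might be exported.

```python
import csv
import io
import re

# Models and fixed firmware version as listed in the advisory above.
AFFECTED_MODELS = {"JGS516PE", "GS116EV2", "JGS524PE", "JGS524EV2"}
FIXED_VERSION = (2, 6, 0, 48)

def parse_version(text):
    """Parse 'V2.6.0.43' or '2.6.0.43' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # Pad so that '2.6' compares as 2.6.0.0 rather than as a shorter tuple.
    parts += [0] * (len(FIXED_VERSION) - len(parts))
    return tuple(parts)

def triage(row):
    """Return the list of actions the advisory implies for one inventory row."""
    if row["model"].strip().upper() not in AFFECTED_MODELS:
        return []
    actions = []
    version = parse_version(row["firmware"])
    if version is None:
        actions.append("verify firmware version manually")
    elif version < FIXED_VERSION:
        actions.append("update firmware to 2.6.0.48 or later")
    # The unpatched issues depend on Plus Utility Support, regardless of firmware.
    if row["plus_utility"].strip().lower() != "disabled":
        actions.append("disable Plus Utility Support")
    return actions

def triage_inventory(csv_text):
    """Map hostname -> actions for every device that needs attention."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: a for r in reader if (a := triage(r))}

# Constructed sample inventory; hostnames and column names are assumptions.
SAMPLE = """host,model,firmware,plus_utility
sw-lab-01,JGS516PE,V2.6.0.43,enabled
sw-lab-02,GS116Ev2,2.6.0.48,enabled
sw-lab-03,JGS524PE,2.6.0.48,disabled
sw-lab-04,JGS524Ev2,unknown,disabled
sw-lab-05,OTHER-MODEL,1.0.0.9,enabled
"""

if __name__ == "__main__":
    for host, actions in triage_inventory(SAMPLE).items():
        print(f"{host}: {'; '.join(actions)}")
```

A device on fixed firmware is still reported while Plus Utility Support is enabled, reflecting the advisory's statement that the remaining vulnerabilities are not addressed by the update.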


More information is available here:

https://kb.netgear.com/000062993/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-ProSAFE-Plus-Switches

https://kb.netgear.com/000062334/Security-Advisory-for-Missing-Function-Level-Access-Control-on-JGS516PE-PSV-2020-0377

https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/