Netgear has released firmware updates to address multiple vulnerabilities in Netgear ProSAFE Plus networking switches, including an unauthenticated remote code execution vulnerability rated as critical.
The vulnerabilities addressed are:
- CVE-2020-26919 – Switch internal management web application in Netgear JGS516PE devices before v18.104.22.168 allows an attacker in the local network to bypass authentication and execute actions with administrator privileges.
- CVE-2020-35220 – Trivial File Transfer Protocol (TFTP) server enabled by default on Netgear JGS516PE/GS116Ev2 v22.214.171.124 devices allows a remote attacker with standard user credentials to upload custom firmware without requiring administrator privileges.
- CVE-2020-35222 – Netgear Switch Discovery Protocol (NSDP) version implemented on Netgear JGS516PE/GS116Ev2 v126.96.36.199 devices allows a remote unauthenticated attacker to obtain all the switch configuration parameters by sending corresponding read requests.
- CVE-2020-35232 – Improper firmware validation in the TFTP firmware update mechanism allows an attacker in the local network to write arbitrary data to internal memory.
The following models are affected:
- JGS516PE running firmware versions prior to 188.8.131.52
- GS116Ev2 running firmware versions prior to 184.108.40.206
- JGS524PE running firmware versions prior to 220.127.116.11
- JGS524Ev2 running firmware versions prior to 18.104.22.168
Administrators using the affected models are strongly advised to apply the latest firmware update as soon as possible.
Administrators who are unable to patch their systems immediately should revert to the default web browser mode and manage the switch via its native web interface. Administrators are encouraged to deploy the switch behind a firewall without exposing it directly to the Internet.
Due to hardware limitations of the affected switches, 11 other reported vulnerabilities are not patched in the latest firmware update. As a workaround, administrators are strongly advised to check for and disable the Plus Utility Support in affected models, as these vulnerabilities are exploitable when this function is enabled in the switches.
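For sites that cannot patch immediately, one way to watch for the TFTP firmware-upload path described in CVE-2020-35220 and CVE-2020-35232 is to flag TFTP write requests sent to switch management addresses. This is an added example, not part of the original advisory or Netgear's guidance; the addresses, the tuple layout of the captured datagrams and the function names are assumptions.

```python
import ipaddress
import struct

# Assumption: management addresses of the affected switches (constructed values).
SWITCH_MGMT = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.11")}
TFTP_PORT = 69
OPCODES = {1: "RRQ", 2: "WRQ"}  # RFC 1350 request opcodes


def parse_tftp_request(payload: bytes):
    """Parse a TFTP RRQ/WRQ (RFC 1350); return None for other or malformed packets."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in OPCODES or not payload.endswith(b"\x00"):
        return None
    # Filename and mode are NUL-terminated; RFC 2347 options may follow them.
    fields = payload[2:-1].split(b"\x00")
    if len(fields) < 2 or not fields[0]:
        return None
    try:
        filename = fields[0].decode("ascii")
        mode = fields[1].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    if mode not in ("octet", "netascii", "mail"):
        return None
    return {"op": OPCODES[opcode], "filename": filename, "mode": mode}


def flag_firmware_writes(datagrams, allowed_sources=frozenset()):
    """Return (src, dst, filename) for each TFTP write request to a watched switch."""
    alerts = []
    for src, dst, dport, payload in datagrams:
        if dport != TFTP_PORT or ipaddress.ip_address(dst) not in SWITCH_MGMT:
            continue
        req = parse_tftp_request(payload)
        if req and req["op"] == "WRQ" and src not in allowed_sources:
            alerts.append((src, dst, req["filename"]))
    return alerts


# Constructed sample datagrams: (source, destination, UDP destination port, payload).
SAMPLE = [
    ("192.0.2.50", "192.0.2.10", 69, b"\x00\x02image.bin\x00octet\x00"),
    ("192.0.2.5", "192.0.2.10", 69, b"\x00\x02image.bin\x00octet\x00"),
    ("192.0.2.50", "192.0.2.11", 69, b"\x00\x01config\x00octet\x00"),
    ("192.0.2.50", "198.51.100.7", 69, b"\x00\x02image.bin\x00octet\x00"),
    ("192.0.2.50", "192.0.2.10", 69, b"\x00\x02truncated"),
]
```

Passing the administrator workstation's address in `allowed_sources` leaves only write requests from unexpected hosts in the result.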