This Netgear SOHO switch has 15 – count 'em! – vulns, which means you need to upgrade the firmware... now

Netgear has released a swathe of security and firmware updates for its JGS516PE Ethernet switch after researchers from NCC Group discovered 15 vulnerabilities in the device – including an unauthenticated remote code execution flaw.


The switch is vulnerable to nine high-severity vulns and a further five medium-rated ones, said NCC Group IT security consultant Manuel Ginés Rodriguez in a damning blog post about his findings.

The critical vuln, an RCE (CVE-2020-26919), came about because firmware versions prior to 2.6.0.43 "failed to correctly implement access controls in one of its endpoints, allowing unauthenticated attackers to bypass authentication and execute actions with administrator privileges."


Rodriguez wrote that from the router's default login.html page "every section... could be ..
