CVE-2020-35801 Explained : Impact and Mitigation

Certain NETGEAR devices are affected by incorrect configuration of security settings, allowing remote authenticated users to update the switch firmware.

Understanding CVE-2020-35801

This CVE involves security misconfiguration in specific NETGEAR devices, potentially leading to unauthorized firmware updates.

What is CVE-2020-35801?

NETGEAR devices like JGS516PE, JGS524Ev2, JGS524PE, and GS116Ev2 are impacted by security misconfiguration.
The issue arises from an active TFTP server by default, enabling remote authenticated users to modify the switch firmware.

The Impact of CVE-2020-35801

CVSS Base Score: 8.3 (High)
Attack Vector: Adjacent Network
Availability Impact: High
Integrity Impact: High
Confidentiality Impact: Low
Privileges Required: None
This vulnerability poses a significant risk to the integrity and availability of affected devices.

Technical Details of CVE-2020-35801

This section delves into the specific technical aspects of the CVE.

Vulnerability Description

Incorrect security settings in NETGEAR devices allow remote authenticated users to update switch firmware via an active TFTP server.

Affected Systems and Versions

Devices affected include JGS516PE, JGS524Ev2, JGS524PE, and GS116Ev2 before version 2.6.0.48.

Exploitation Mechanism

Remote authenticated users can exploit the default TFTP server to manipulate the switch firmware, potentially leading to unauthorized changes.

Mitigation and Prevention

Protecting systems from CVE-2020-35801 requires immediate actions and long-term security practices.

Immediate Steps to Take

Disable the TFTP server on affected NETGEAR devices.
Monitor for any unauthorized firmware updates.
Implement strong authentication mechanisms.

Long-Term Security Practices

Regularly update firmware to patched versions.
Conduct security audits to identify and address misconfigurations.

Patching and Updates

Apply firmware updates provided by NETGEAR to address the security misconfiguration.