Unpatched Flaws in Netgear Business Switches Expose Organizations to Attacks

From securityweek.com

Security researchers have identified multiple vulnerabilities in ProSAFE Plus JGS516PE and GS116Ev2 business switches from Netgear, the most severe of which could allow a remote, unauthenticated attacker to execute arbitrary code.

In total, researchers at IT security firm NCC Group found 15 vulnerabilities in Netgear switches that use the ProSAFE Plus configuration utility, exposing users to a range of risks.

The most severe of these bugs is CVE-2020-26919, an unauthenticated remote code execution flaw rated critical (CVSS score of 9.8).

Affecting firmware versions prior to 2.6.0.43, the bug stems from the internal management web application failing to enforce proper access controls, which could allow an attacker to bypass authentication and run code with administrator privileges.
