NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Amnesia:33 vulnerabilities for JGS516PE
Hello all, I am not having much luck in finding any information regarding the Amnesia:33 vulnerabilities showing up on our Qualys scan for the JGS516PE switch. I understand that the switch i...
Kindly check the Security Updates here. If ever it does not include the vulnerability you have mentioned, you can report it by clicking the button "Click Here" under Report Vulnerabilities.
Regards,
DaneA
NETGEAR Community Team
That link doesn't address my question.
If I were to report this, which is an old CVE by the way, will there be fixes for it if the product is EOL?
It is a well known issue with opensource TCP/IP stack.
Chipperchoi wrote:It is a well known issue with opensource TCP/IP stack.
Not sure there are similar alternate robust and light TCP stacks available to replace these embedded microcontrollers TCP stacks not vulnerable to the Amnesia:33 set.
Even if available, unclear if the industry will update these tiny devices ever.
YeZ please.
The Amnesia-33 secrity vulnerability issue is fixed in JGS516PE latest firmware v2.6.0.48 https://www.netgear.com/support/product/JGS516PE.aspx#download
Its release note shows:
- Various security vulnerability fixes and enhancements
Thank you.
Thank you for the link. however, I am already on that version of Firmware on the switch already and the Qualys scan is still picking it up.
I know it says it fixed various vulnerabilities but doesn't really say what was fixed. This is a PCI vulnerability that we will get dinged on, in an audit, so I need something more than this.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
