First published: Wed Mar 10 2021
A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Gs116e Firmware | =2.6.0.43 | |
Netgear Gs116e | =v2 | |
Netgear Jgs516pe Firmware | =2.6.0.43 | |
NETGEAR JGS516PE | | |
The vulnerability ID is CVE-2020-35224.
CVE-2020-35224 has a severity level of 6.5 (medium).
Remote unauthenticated attackers can exploit CVE-2020-35224, a buffer overflow vulnerability in the NSDP protocol authentication method, to force a device reboot.
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices are affected by CVE-2020-35224.
No, the NETGEAR GS116E and JGS516PE are not vulnerable to CVE-2020-35224.
To fix the CVE-2020-35224 vulnerability, it is recommended to update the firmware of the affected NETGEAR JGS516PE/GS116Ev2 devices to a version that addresses the issue.
You can find more information about CVE-2020-35224 at the following reference: [Link](https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/)
CVE-2020-35224 is associated with the common weaknesses CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).