First published: Wed Mar 10 2021
A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netgear Gs116e Firmware | =2.6.0.43 | |
Netgear Gs116e | =v2 | |
Netgear Jgs516pe Firmware | =2.6.0.43 | |
NETGEAR JGS516PE | | |
The severity of CVE-2020-35227 is high with a CVSS score of 7.2.
The buffer overflow vulnerability in CVE-2020-35227 allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel).
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices are affected by CVE-2020-35227.
To fix CVE-2020-35227, update the affected devices to a version that includes a patch for the vulnerability.
For more information about CVE-2020-35227, refer to the following link: [https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/](https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/)