ByteOS Network

NVD Vulnerability Details :

CVE-2020-35227

Analyzed

Source-cve@mitre.org

Published At-10 Mar, 2021 | 19:15

Updated At-15 Mar, 2021 | 19:43

A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 6.5

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:P/A:P

CPE Matches

NETGEAR, Inc.

>>gs116e_firmware>>2.6.0.43

cpe:2.3:o:netgear:gs116e_firmware:2.6.0.43:*:*:*:*:*:*:*

NETGEAR, Inc.

>>gs116e>>v2

cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*

NETGEAR, Inc.

>>jgs516pe_firmware>>2.6.0.43

cpe:2.3:o:netgear:jgs516pe_firmware:2.6.0.43:*:*:*:*:*:*:*

NETGEAR, Inc.

>>jgs516pe>>-

cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-120	Primary	nvd@nist.gov

CWE ID: CWE-120

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/	cve@mitre.org	Vendor Advisory

Hyperlink: https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/

Source: cve@mitre.org

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History