A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.
References
Configurations
History
15 Mar 2021, 19:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:netgear:jgs516pe_firmware:2.6.0.43:*:*:*:*:*:*:* cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:gs116e_firmware:2.6.0.43:*:*:*:*:*:*:* cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:* |
|
References | (MISC) https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ - Vendor Advisory | |
CWE | CWE-120 | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.2 |
10 Mar 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-10 19:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-35227
Mitre link : CVE-2020-35227
CVE.ORG link : CVE-2020-35227
JSON object : View
Products Affected
netgear
- jgs516pe_firmware
- gs116e_firmware
- gs116e
- jgs516pe
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')