CVE-2020-35227

HIGH

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 - Buffer Overflow via Access Control Whitelist Injection

Title source: llm
STIX 2.1

Description

A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.

Scores

CVSS v3 7.2
EPSS 0.0112
EPSS Percentile 62.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (2)
netgear/gs116e_firmware 2.6.0.43
netgear/jgs516pe_firmware 2.6.0.43
Published Mar 10, 2021
Tracked Since Feb 18, 2026