CVE-2020-35227

Name of the Vulnerable Software and Affected Versions: NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43

Description: A buffer overflow vulnerability in the access control section of the administration web panel allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command. This issue is related to insufficient input length checking, which can be exploited by a remote attacker.

Recommendations: For NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43, consider disabling access to the administration web panel until a patch is available. As a temporary workaround, restrict the use of the checkedList parameter in the delete command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.