CVE-2020-11791
Description
NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR JGS516PE firmware before 2.6.0.43 is vulnerable to reflected cross-site scripting (XSS).
Vulnerability
A reflected cross-site scripting (XSS) vulnerability affects NETGEAR JGS516PE switches running firmware versions prior to 2.6.0.43 [1]. The flaw is present in the web management interface and requires the attacker to craft a malicious link that, when clicked, reflects JavaScript in the user's browser.
Exploitation
The attacker must be on the same network (adjacent) and trick an authenticated administrator into clicking a specially crafted link [1]. No special privileges are needed beyond network adjacency and social engineering to deliver the link. The XSS payload executes in the context of the management session.
Impact
Successful exploitation allows an attacker to perform cross-site scripting attacks that can lead to limited information disclosure (e.g., session tokens, page content) and limited modification of content via the victim's session [1]. The CVSS v3 score is 5.2 (Medium), with the vector indicating network adjacency required, low attack complexity, no privileges needed, and user interaction [1].
Mitigation
NETGEAR released firmware version 2.6.0.43 to fix this vulnerability [1]. Users should update to this version or later. There is no indication that this CVE is listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- NETGEAR/JGS516PEdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.