VYPR
Unrated severity · NVD Advisory · Published Mar 10, 2021 · Updated Aug 4, 2024

CVE-2020-35223

Description

The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The CSRF protection on NETGEAR JGS516PE/GS116Ev2 switches can be bypassed by omitting the token parameter, allowing unauthorized actions.

Vulnerability

The CSRF protection mechanism in the web administration panel of NETGEAR JGS516PE and GS116Ev2 switches running firmware version v2.6.0.43 can be bypassed by simply omitting the CSRF token parameter from HTTP requests [1]. This flaw allows an attacker to perform actions on behalf of an authenticated administrator without the need for a valid token.
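The bug class this description implies, shown as an added example (not NETGEAR firmware code, which this page does not include): a validator that compares the token only when the parameter is present, beside a fail-closed version. The parameter name `csrf_token`, the function names, the token value and the request bodies are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import parse_qs

TOKEN_PARAM = "csrf_token"  # assumed name; the advisory does not name the parameter


def check_token_flawed(body: str, session_token: str) -> bool:
    """Bug class from the advisory: validation runs only if the parameter is sent."""
    params = parse_qs(body)  # note: blank values are dropped by default
    if TOKEN_PARAM not in params:
        return True  # a missing token is never compared, so the request passes
    return params[TOKEN_PARAM][0] == session_token


def check_token_strict(body: str, session_token: str) -> bool:
    """Fail closed: exactly one non-empty token that matches the session's token."""
    params = parse_qs(body, keep_blank_values=True)
    values = params.get(TOKEN_PARAM, [])
    if len(values) != 1 or not values[0] or not session_token:
        return False  # absent, empty or duplicated parameter is rejected
    return hmac.compare_digest(values[0].encode(), session_token.encode())


# Constructed sample request bodies (field names and values are made up).
SESSION_TOKEN = "3f9c1e7a5b2d4860"
SAMPLES = {
    "valid token": f"vlan_id=10&{TOKEN_PARAM}={SESSION_TOKEN}",
    "wrong token": f"vlan_id=10&{TOKEN_PARAM}=0000000000000000",
    "token omitted": "vlan_id=10",
    "token empty": f"vlan_id=10&{TOKEN_PARAM}=",
    "token duplicated": f"{TOKEN_PARAM}=x&vlan_id=10&{TOKEN_PARAM}={SESSION_TOKEN}",
}


def compare() -> dict:
    """Return {case: (flawed_result, strict_result)} for every sample body."""
    return {
        name: (check_token_flawed(body, SESSION_TOKEN),
               check_token_strict(body, SESSION_TOKEN))
        for name, body in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (flawed, strict) in compare().items():
        print(f"{name:17} flawed={flawed!s:5} strict={strict}")
```

The two validators disagree only on the omitted and empty cases, which is why a regression test for a CSRF check should include a request with no token parameter at all, not just one with a wrong value.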

Exploitation

An attacker must trick an authenticated administrator into clicking a crafted link or visiting a malicious page that sends an HTTP request to the switch's management interface without the CSRF token parameter. The attacker needs no prior authentication or network access of their own beyond the ability to deliver the request to the victim's browser, and the attack requires no user interaction beyond the initial click.

Impact

Successful exploitation enables the attacker to execute arbitrary administrative actions on the switch, such as modifying configuration settings, changing passwords, or enabling backdoor access. This can lead to full compromise of the network segment managed by the switch, potentially affecting confidentiality, integrity, and availability of network traffic.

Mitigation

No official patch or firmware update has been disclosed in the available references [1]. As a workaround, administrators should restrict access to the web management interface to trusted networks only, use VPNs for remote management, and monitor for unauthorized configuration changes. The device may be end-of-life; consult NETGEAR support for further guidance.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

1
