Unrated severity · NVD Advisory · Published Mar 10, 2021 · Updated Aug 4, 2024

CVE-2020-35224

Description

A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in the NSDP authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 allows unauthenticated remote attackers to force a device reboot.

Vulnerability

A buffer overflow vulnerability exists in the NSDP protocol authentication method of NETGEAR JGS516PE/GS116Ev2 switches running firmware version 2.6.0.43 [1]. The bug is located in the handling of authentication requests, where insufficient bounds checking allows an attacker to overflow a stack buffer. The code path is reachable without any prior authentication or special configuration.

Exploitation

An unauthenticated attacker on the same network can send a crafted NSDP protocol packet to the target device. The attacker does not need any credentials or prior access. The overflow occurs during processing of the authentication data in the request, leading to memory corruption that triggers a fatal exception and device reboot.

Impact

Successful exploitation causes the switch to reboot immediately, resulting in a denial of service (DoS). There is no indication of code execution or privilege escalation. The device becomes temporarily unavailable until the reboot completes.

Mitigation

As of publication (March 2021), NETGEAR has not released a firmware update to fix this issue [1]. The device is likely end-of-life or unsupported. Users should isolate these switches on a separate management VLAN and restrict network access to trusted hosts only. No workaround other than network-level access control is available.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

1
