Unrated severity · NVD Advisory · Published Mar 10, 2021 · Updated Aug 4, 2024

CVE-2020-35226

Description

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 allows unauthenticated attackers to modify the switch DHCP configuration by sending a write request.

Vulnerability

The vulnerability resides in the DHCP configuration endpoint of NETGEAR JGS516PE and GS116Ev2 switches running firmware version 2.6.0.43. The device does not enforce authentication for write commands to the DHCP configuration, allowing any unauthenticated network user to send a crafted write request that modifies the switch's DHCP settings [1].

Exploitation

An attacker does not require any prior authentication or access credentials. The attacker only needs network connectivity to the switch's management interface (typically accessible via the local network). The exploit consists of sending a specially crafted write request command to the target device's DHCP configuration endpoint [1].

Impact

Successful exploitation allows the attacker to alter the DHCP server configuration of the switch. This can lead to rogue DHCP responses being served to clients on the network, enabling man-in-the-middle attacks, traffic redirection, and denial of service. The attacker gains the ability to control DHCP leases and options without any privileges [1].

Mitigation

NETGEAR has not released a firmware update to address this vulnerability as of the publication date (2021-03-10). Administrators should restrict access to the management interface to trusted networks only, using VLANs or firewall rules, and monitor for unauthorized configuration changes. The device may be end-of-life; consider upgrading to a supported model [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

1
