VYPR
Unrated severity · NVD Advisory · Published Mar 10, 2021 · Updated Aug 4, 2024

CVE-2020-35227

Description

A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow vulnerability in the access control section of NETGEAR JGS516PE/GS116Ev2 switches (v2.6.0.43) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter.

Vulnerability

A buffer overflow vulnerability exists in the access control section of the administration web panel on NETGEAR JGS516PE and GS116Ev2 switches running firmware version 2.6.0.43. The overflow occurs when processing the checkedList parameter in the delete command, allowing an attacker to inject arbitrary IP addresses into the whitelist [1].

Exploitation

An attacker with network access to the management interface and valid administrative credentials can send a crafted HTTP request with a malicious checkedList parameter to the delete command. This triggers the buffer overflow, enabling the injection of IP addresses into the whitelist [1].

Impact

Successful exploitation allows the attacker to add unauthorized IP addresses to the whitelist, potentially bypassing access controls and gaining unauthorized network access. While the primary described impact is whitelist manipulation, the buffer overflow could also lead to more severe consequences such as arbitrary code execution [1].

Mitigation

NETGEAR has released a firmware update to address this vulnerability. Users should upgrade to the latest firmware version for their devices. If an update is not immediately available, restrict access to the management interface to trusted networks only [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

1
