CVE-2020-35231

Vulnerability

The NSDP (NETGEAR Switch Discovery Protocol) implementation on NETGEAR JGS516PE and GS116Ev2 switches running firmware version 2.6.0.43 does not require authentication. All configuration and management actions performed over NSDP are accepted from any network source without verifying the identity of the requester [1]. This effectively bypasses the intended access controls of the device.

Exploitation

An attacker need only be able to send packets to the switch's management interface (typically on the local network). No authentication credentials, prior access, or user interaction are required. By sending specially crafted NSDP protocol messages, the attacker can perform any action exposed through that interface, including reading and writing device configuration [1].

Impact

Successful exploitation grants the attacker full administrative control over the switch. The attacker can read sensitive configuration data, modify settings (including VLAN and port configurations), and potentially disrupt network operations or pivot to other devices on the network. The compromise is at the highest privilege level on the device, with no restrictions [1].

Mitigation

As of the publication of the advisory on March 8, 2021, no firmware update was available from NETGEAR. The advisory recommends restricting network access to the management interface (e.g., via VLAN segmentation or firewall rules) until a patched firmware version is released [1]. Users should monitor NETGEAR's support portal for updates.