Unrated severityNVD Advisory· Published Mar 10, 2021· Updated Aug 4, 2024

CVE-2020-35233

Description

The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

TFTP server on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 fails to handle concurrent connections, enabling unauthenticated remote denial of service via device reboot.

Vulnerability

The TFTP server on NETGEAR JGS516PE and GS116Ev2 switches running firmware version 2.6.0.43 fails to properly handle multiple concurrent connections. This allows an external attacker to force a device reboot by sending a high volume of simultaneous TFTP requests, as documented in [1].

Exploitation

An unauthenticated attacker with network access to the TFTP server can exploit this vulnerability simply by initiating multiple concurrent TFTP connections. No authentication or user interaction is required; the attacker only needs the ability to send packets to the switch's TFTP port.

Impact

Successful exploitation causes the switch to reboot, resulting in a denial of service (DoS). All network services are temporarily interrupted until the device completes the reboot cycle. No data is compromised, but network availability is impacted until the switch recovers.

Mitigation

As of the advisory publication, no firmware update has been released by NETGEAR [1]. Recommended workarounds include disabling the TFTP service on the switch or restricting network access to it via firewall rules. The device may be end-of-life; users should consult NETGEAR support for further guidance.

References

Cyber Security Research

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/JGS516PE/GS116Ev2description
Netgear/JGS516PEllm-fuzzy
Range: = v2.6.0.43
Netgear/GS116Ev2llm-fuzzy
Range: = v2.6.0.43

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000