CVE-2020-35225

CWE-120 — Classic Buffer Overflow6 documents4 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 68.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Gs116e Firmware Netgear Jgs516pe Firmware

Timeline

PublishedMar 10

Latest updateMay 24

Description

The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶NVDnetgear/jgs516pe_firmware2.6.0.43

▶NVDnetgear/gs116e_firmware2.6.0.43

🔴Vulnerability Details

GHSA

GHSA-rgww-m6rm-gm57: The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2↗2022-05-24

▶

CVEList

CVE-2020-35225: The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2↗2021-03-10

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible NSDP (Netgear) Write Command Buffer Overflow Attempt - 0x0003 (CVE-2020-35225)↗2021-03-11

▶

Suricata

ET EXPLOIT Possible NSDP (Netgear) Write Command Buffer Overflow Attempt - 0x0005 (CVE-2020-35225)↗2021-03-11

▶

Suricata

ET EXPLOIT Possible NSDP (Netgear) Write Command Buffer Overflow Attempt - 0x000a (CVE-2020-35225)↗2021-03-11

▶