CVE-2020-35230

CWE-190 — Integer Overflow5 documents4 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 66.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Gs116e Firmware Netgear Jgs516pe Firmware

Timeline

PublishedMar 10

Latest updateMay 24

Description

Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶NVDnetgear/jgs516pe_firmware2.6.0.43

▶NVDnetgear/gs116e_firmware2.6.0.43

🔴Vulnerability Details

GHSA

GHSA-x323-79p8-7qv5: Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2↗2022-05-24

▶

CVEList

CVE-2020-35230: Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2↗2021-03-10

▶

🔍Detection Rules

Suricata

ET EXPLOIT Netgear ProSAFE Plus Possible Integer Overflow Attempt Inbound M2 (CVE-2020-35230)↗2021-03-11

▶

Suricata

ET EXPLOIT Netgear ProSAFE Plus Possible Integer Overflow Attempt Inbound M1 (CVE-2020-35230)↗2021-03-11

▶