Researchers have discovered a Critical authentication bypass vulnerability and two other flaws in multiple models of some Smart Switches.
Each of these issues could allow a remote attacker to compromise unpatched devices.
Netgear released the security updates on September 3, 2021 for some Netgear Smart Switches, PSV-2021-0140, PSV-2021-0144, PSV-2021-0145.
In all, Netgear provided firmware updates for the following models:
- GC108P
- GC108PP
- GS108Tv3
- GS110TPP
- GS110TPv3
- GS110TUP
- GS308T
- GS310TP
- GS710TUP
- GS716TP
- GS716TPP
- GS724TPP
- GS724TPv2
- GS728TPPv2
- GS728TPv2
- GS750E
- GS752TPP
- GS752TPv2
- MS510TXM
- MS510TXUP.
The firmware updates address three vulnerabilities (Demon’s Cries, Draconian Fear and Seventh Inferno) discovered by researcher, Gynvael Coldwind.
The most severe of the vulnerabilities, Demon’s Cries, could result in authentication bypass.
“NETGEAR GS110TPV3 Smart Managed Pro Switch with SCC Control enabled* is vulnerable to an authentication bypass resulting in the attacker being able to change admin’s password (among other things), resulting in a full compromise of the device,” Coldwind wrote in a blog post.
Moreover, Draconian Fear could allow an attacker with the same IP as a logged in administrator to hijack the session bootstrapping information. As a result, an attacker could “gain full admin access to the device web UI and resulting in a full compromise of the device.”
According to Netgear, the vulnerabilities range from a CVSS score of 7.4 to 8.8.
However, Coldwind said that the Demon’s Cries vulnerability should be rated 9.8 based on attack vectors (i.e., network vs. adjacent).
Related Articles
- Netgear fixes high risk vulnerability in multiple routers and network devices
- NETGEAR denial-of-service vulnerabilities fixed (CVE-2019-5054, CVE-2019-5055)
- 450K internet-connected QNAP devices exposed to RCE vulnerabilities
- New Mirai variant exploits IoT devices
- VPNfilter malware targets 500K networking devices