Cyber Security

Netgear fixes severe security bugs in over a dozen smart switches

Netgear has released firmware updates for more than a dozen of its smart switches used on corporate networks to address high-severity vulnerabilities.

The company fixed three security flaw that affect 20 Netgear products, mostly smart switches. Technical details and proof-of-concept (PoC) exploit code for two of the bugs are publicly available.

Affected Netgear devices

An advisory from Netgear on Friday informs that a new firmware version is available for some of its switches impacted by three security vulnerabilities that received severity scores between 7.4 and 8.8 on a scale of 10.

Netgear identifies the bugs as PSV-2021-0140, PSV-2021-0144, PSV-2021-0145, as tracking numbers have yet to be assigned. Many of the affected products are smart switches, some of them with cloud management capabilities that allows configuring and monitoring them over the web.

  • GC108P (latest firmware version: 1.0.8.2)
  • GC108PP (latest firmware version: 1.0.8.2)
  • GS108Tv3 (latest firmware version: 7.0.7.2)
  • GS110TPP (latest firmware version: 7.0.7.2)
  • GS110TPv3 (latest firmware version: 7.0.7.2)
  • GS110TUP (latest firmware version: 1.0.5.3)
  • GS308T (latest firmware version: 1.0.3.2)
  • GS310TP (latest firmware version: 1.0.3.2)
  • GS710TUP (latest firmware version: 1.0.5.3)
  • GS716TP (latest firmware version: 1.0.4.2)
  • GS716TPP (latest firmware version: 1.0.4.2)
  • GS724TPP (latest firmware version: 2.0.6.3)
  • GS724TPv2 (latest firmware version: 2.0.6.3)
  • GS728TPPv2 (latest firmware version: 6.0.8.2)
  • GS728TPv2 (latest firmware version: 6.0.8.2)
  • GS750E (latest firmware version: 1.0.1.10)
  • GS752TPP (latest firmware version: 6.0.8.2)
  • GS752TPv2 (latest firmware version: 6.0.8.2)
  • MS510TXM (latest firmware version: 1.0.4.2)
  • MS510TXUP (latest firmware version: 1.0.4.2)

Netgear’s advisory leaves out any technical details about the bugs but “strongly recommends that you download the latest firmware as soon as possible.”

Exploiting the bugs

Security researcher Gynvael Coldwind, who found and reported the vulnerabilities, today explained two of the issues and provided demo exploit code for them.

Coldwind says in his security report that one of the flaws is an authentication bypass that could, under certain conditions, allow an attacker to take control of a vulnerable device.

A prerequisite for exploiting this bug is that the Netgear Smart Control Center (SCC) feature be active. Default configurations have it turned off.

Netgear calculated a severity score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) for this vulnerability, noting that an attacker should be on the local network (Attack Vector: Adjacent) to be able to exploit it.

The researcher disagrees and marks the severity of this vulnerability as critical at 9.8. He argues that the specifications for version 3.1 of the Common Vulnerability Scoring System notes that the Attack Vector: Network (over the internet) should be used even for the intranet attacks:

“Network should be used even if the attacker is required to be on the same intranet to exploit the vulnerable system (e.g., the attacker can only exploit the vulnerability from inside a corporate network).”

However, a remote attacker would need the help of a user on the network (e.g. access a website with malicious code executed through the web browser to target the vulnerable switch) to exploit the flaw. This drops the severity security score to 8.8.

The second vulnerability that Coldwind detailed today is what he defines as an “authentication hijacking (for lack of a better term).” The description accounts for an attack where a threat actor would need the same IP address as an admin to “hijack the session bootstrapping information.”

As a result, the attacker would have full admin access to the device web user interface, giving them complete control over the device.

Talking to BleepingComputer, the researcher says that this flaw is “more interesting than dangerous” because of the need to hijack an admin’s local IP address.

Source: https://www.bleepingcomputer.com/news/security/netgear-fixes-severe-security-bugs-in-over-a-dozen-smart-switches/

Advertisement. Scroll to continue reading.
Click to comment

You May Also Like

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Cyber Security

The Environmental Protection Agency cited a lack of resources and the sheer volume of critical vulnerabilities as the reasons for its inability to patch...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO

Exit mobile version