Netgear has released firmware patches to address high-severity vulnerabilities affecting more than a dozen of its smart switches used in business networks.
Three security weaknesses in 20 Netgear devices were patched, the majority of which are smart switches. Two of the issues have technical information and proof-of-concept (PoC) exploit code that is publicly available.
According to a Netgear advisory, a new firmware version is available for some of its switches that are affected by three security vulnerabilities with severity ratings ranging from 7.4 to 8.8 on a scale of 10.
Since tracking numbers have yet to be allocated, the bugs are labelled as PSV-2021-0140, PSV-2021-0144, and PSV-2021-0145. Many of the equipment involved are smart switches, some of which have cloud management capabilities that allow them to be configured and monitored remotely.
- GC108P (latest firmware version: 1.0.8.2)
- GC108PP (latest firmware version: 1.0.8.2)
- GS108Tv3 (latest firmware version: 7.0.7.2)
- GS110TPP (latest firmware version: 7.0.7.2)
- GS110TPv3 (latest firmware version: 7.0.7.2)
- GS110TUP (latest firmware version: 1.0.5.3)
- GS308T (latest firmware version: 1.0.3.2)
- GS310TP (latest firmware version: 1.0.3.2)
- GS710TUP (latest firmware version: 1.0.5.3)
- GS716TP (latest firmware version: 1.0.4.2)
- GS716TPP (latest firmware version: 1.0.4.2)
- GS724TPP (latest firmware version: 2.0.6.3)
- GS724TPv2 (latest firmware version: 2.0.6.3)
- GS728TPPv2 (latest firmware version: 6.0.8.2)
- GS728TPv2 (latest firmware version: 6.0.8.2)
- GS750E (latest firmware version: 1.0.1.10)
- GS752TPP (latest firmware version: 6.0.8.2)
- GS752TPv2 (latest firmware version: 6.0.8.2)
- MS510TXM (latest firmware version: 1.0.4.2)
- MS510TXUP (latest firmware version: 1.0.4.2)
Users should download the new firmware as soon as possible, according to the company.
Gynvael Coldwind, the security researcher who discovered and reported the flaws, described two of them and offered demo exploit code for them.
Coldwind claims that one of the issues, dubbed Demon’s Cries, is an authentication bypass that might allow an attacker to gain control of a vulnerable device under certain circumstances.
The Netgear Smart Control Center (SCC) feature must be enabled in order to exploit this flaw. They are turned off by default.
Netgear has given this bug an 8.8 severity rating since an attacker would need to be on the local network to exploit it.
The researcher, on the other hand, disagrees and rates the severity of this vulnerability at 9.8. He claims that the Attack Vector: Network (over the internet) should be utilized even for intranet assaults, as stated in the Common Vulnerability Scoring System version 3.1 specifications:
However, a remote attacker would need the assistance of a network user to exploit the weakness. The severity security score now stands at 8.8.
Draconian Fear is the name given to the second vulnerability described by Coldwind, who describes it as a “authentication hijacking.” A threat actor would require the same IP address as an admin to “hijack the session bootstrapping information,” according to the description.
As a result, an attacker would gain full admin access to the web user interface of the device, allowing them complete control over it.
Information on the third vulnerability, dubbed Seventh Inferno, will be released later.
You might also like:
Mirai botnet targets several devices using Realtek SDK
Razer flaw allows threat actors to take over Windows PCs
Diavol ransomware sample reveals potential link to TrickBot gang