NETGEAR Smart Switches Affected By Three New Bugs

Netgear’s smart switches, which govern the access and control rights of various parts of an organization’s network, were recently found to contain three serious bugs. Netgear was quick to address the issue and released three patches on Friday to resolve the vulnerabilities.

Netgear is a renowned computer networking company offering storage, security, and networking solutions to organizations.

The security vulnerabilities allowed attackers to gain unauthorized control of the target device.

Google security engineer Gynvael Coldwind detected the flaws and reported them to Netgear. The models affected by these flaws include:

  • GC108P (fixed in firmware version
  • GS108Tv3 (fixed in firmware version
  • GC108PP (fixed in firmware version
  • GS110TPP (fixed in firmware version
  • GS110TUP (fixed in firmware version
  • GS110TPv3 (fixed in firmware version
  • GS308T (fixed in firmware version
  • GS310TP (fixed in firmware version
  • GS710TUP (fixed in firmware version
  • GS716TPP (fixed in firmware version
  • GS716TP (fixed in firmware version
  • GS724TPP (fixed in firmware version
  • GS724TPv2 (fixed in firmware version
  • GS728TPv2 (fixed in firmware version
  • GS728TPPv2 (fixed in firmware version
  • GS752TPP (fixed in firmware version
  • GS750E (fixed in firmware version
  • GS752TPv2 (fixed in firmware version
  • MS510TXUP (fixed in firmware version
  • MS510TXM (fixed in firmware version

Two vulnerabilities allowed authentication hijacking and authentication bypass, and another flaw allowed attackers to change the device’s password, lock out the original owner, and gain full control of the device.

The three vulnerabilities have been named Draconian Fear (CVSS score: 7.8), Demon’s Cries (CVSS score: 9.8), and Seventh Inferno (TBD).

“A funny bug related to authorization spawns from the fact that the password is obfuscated by being XORed with ‘NtgrSmartSwitchRock’,” Coldwind said, explaining the authentication bypass. “However, due to the fact that in the handler of TLV type 10 an strlen() is called on the still obfuscated password, it makes it impossible to authenticate correctly with a password that happens to have the same character as the phrase above at a given position.”
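The truncation Coldwind describes can be reproduced in a few lines of C. This is an added example, not NETGEAR firmware code or code from the advisory; the function names, buffer size, sample passwords and the assumption that the key repeats for longer inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Key phrase quoted in the article. */
static const char KEY[] = "NtgrSmartSwitchRock";

/* XOR n bytes of in with the key. Assumption: the key repeats for
 * inputs longer than the phrase (the article does not say). */
static void xor_key(const unsigned char *in, size_t n, unsigned char *out)
{
    size_t klen = sizeof(KEY) - 1;
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ (unsigned char)KEY[i % klen];
}

/* Flawed pattern: strlen() on the still-obfuscated buffer. A password
 * byte equal to the key byte at the same index XORs to 0x00, which
 * strlen() takes as the end of the string. */
size_t length_seen_by_strlen(const char *password)
{
    unsigned char buf[128] = {0};
    size_t n = strlen(password);
    if (n >= sizeof(buf)) n = sizeof(buf) - 1;
    xor_key((const unsigned char *)password, n, buf);
    return strlen((const char *)buf);
}

/* Corrected pattern: carry the length explicitly and de-obfuscate
 * before any string function runs. Returns 1 if the password survives. */
int roundtrip_with_explicit_length(const char *password)
{
    unsigned char buf[128] = {0}, plain[128] = {0};
    size_t n = strlen(password);
    if (n >= sizeof(buf)) return 0;
    xor_key((const unsigned char *)password, n, buf);
    xor_key(buf, n, plain);
    return memcmp(plain, password, n) == 0;
}

int main(void)
{
    /* Constructed sample passwords, not taken from any device. */
    const char *samples[] = { "hunter2!", "Secret123", "Netgear" };
    for (size_t i = 0; i < 3; i++)
        printf("%-10s real=%zu strlen-after-xor=%zu explicit-ok=%d\n",
               samples[i], strlen(samples[i]), length_seen_by_strlen(samples[i]),
               roundtrip_with_explicit_length(samples[i]));
    return 0;
}
```

"Secret123" shares the letter "r" with the key at index 3, so the obfuscated buffer appears to be three bytes long; "Netgear" collides at index 0 and appears empty.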

However, Draconian Fear can only be exploited if the attacker has the same IP address as the user or can somehow imitate the original IP address. The web user interface largely depends on the IP address and userAgent, which increases the attacker’s chances of accessing that session’s information before the admin’s browser can.

Considering the severity of these vulnerabilities, companies using affected Netgear switches have been advised to upgrade to the latest version as soon as possible.

About the author

CIM Team