Third Critical Bug Shakes NETGEAR Smart Switches, Details and PoC Made Public

Third Critical Bug Shakes NETGEAR Smart Switches, Details and PoC Made Public

New information has surfaced concerning a newly patched serious vulnerability in NETGEAR smart switches that may allow attackers to execute malicious code and take control over affected devices.

The vulnerability, nicknamed “Seventh Inferno” (with a CVSS score of 9.8), is one of a trilogy of security flaws that Google security analyst Gynvael Coldwind disclosed to the networking, security, and storage solutions provider. The other two parts of this trio are Demon’s Cries (with a CVSS score of 9.8) and Draconian Fear (with a CVSS score of 7.8).

NETGEAR published fixes/patches to resolve the flaws on September 3rd.

An attacker who successfully exploited Suppose Demon’s Cries and Draconian Fear could change the administrator password without knowing the prior password or hijack the session bootstrapping information, and completely compromise the device.

In a recent update regarding Seventh Inferno, Coldwind explained that a newline injection vulnerability causes the problem in the password field during Web UI login. It allows an attacker to build fake session files and combine them with a reboot DoS and a post-authentication shell injection to obtain an utterly legitimate session and execute any code as the root user.

“This vulnerability and exploit chain is actually quite interesting technically,” Coldwind said. “In short, it goes from a newline injection in the password field, through being able to write a file with constant uncontrolled content of ‘2’ (like, one byte 32h), through a DoS and session crafting (which yields an admin web UI user), to an eventual post-auth shell injection (which yields full root).”

All models affected by three vulnerabilities are:

·         GC108P (fixed in firmware version

·         GC108PP (fixed in firmware version

·         GS108Tv3 (fixed in firmware version

·         GS110TPP (fixed in firmware version

·         GS110TPv3 (fixed in firmware version

·         GS110TUP (fixed in firmware version

·         GS308T (fixed in firmware version

·         GS310TP (fixed in firmware version

·         GS710TUP (fixed in firmware version

·         GS716TP (fixed in firmware version

·         GS716TPP (fixed in firmware version

·         GS724TPP (fixed in firmware version

·         GS724TPv2 (fixed in firmware version

·         GS728TPPv2 (fixed in firmware version

·         GS728TPv2 (fixed in firmware version

·         GS750E (fixed in firmware version

·         GS752TPP (fixed in firmware version

·         GS752TPv2 (fixed in firmware version

·         MS510TXM (fixed in firmware version

·         MS510TXUP (fixed in firmware version

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.