Heimdal

Last week, multinational computer networking company Netgear released security patches to tackle three high-severity flaws impacting over 20 of its products, mostly smart switches.

The flaws were found and reported to the company by security engineer Gynvael Coldwind and are tracked by the vendor as PSV-2021-0140, PSV-2021-0144, and PSV-2021-0145.

The three vulnerabilities received CVSS scores between 7.4 and 8.8 and, when abused, could enable a cybercriminal to gain full control of a vulnerable machine.

Technical details and proof-of-concept (PoC) exploit code for two of the bugs are publicly available.

What Netgear Products Were Impacted?

A Netgear advisory states that a new firmware version is available for some of its affected switches and urges users to download it as quickly as possible. Some of the smart switches impacted by the flaws have cloud management capabilities that allow them to be configured and monitored over the internet.

Firmware fixes are currently available for all affected products:

  • GC108P (fixed in firmware version 1.0.8.2)
  • GC108PP (fixed in firmware version 1.0.8.2)
  • GS108Tv3 (fixed in firmware version 7.0.7.2)
  • GS110TPP (fixed in firmware version 7.0.7.2)
  • GS110TPv3 (fixed in firmware version 7.0.7.2)
  • GS110TUP (fixed in firmware version 1.0.5.3)
  • GS308T (fixed in firmware version 1.0.3.2)
  • GS310TP (fixed in firmware version 1.0.3.2)
  • GS710TUP (fixed in firmware version 1.0.5.3)
  • GS716TP (fixed in firmware version 1.0.4.2)
  • GS716TPP (fixed in firmware version 1.0.4.2)
  • GS724TPP (fixed in firmware version 2.0.6.3)
  • GS724TPv2 (fixed in firmware version 2.0.6.3)
  • GS728TPPv2 (fixed in firmware version 6.0.8.2)
  • GS728TPv2 (fixed in firmware version 6.0.8.2)
  • GS750E (fixed in firmware version 1.0.1.10)
  • GS752TPP (fixed in firmware version 6.0.8.2)
  • GS752TPv2 (fixed in firmware version 6.0.8.2)
  • MS510TXM (fixed in firmware version 1.0.4.2)
  • MS510TXUP (fixed in firmware version 1.0.4.2)

Two of the Vulnerabilities Explained

The three bugs have been dubbed Demon’s Cries (CVSS score: 9.8), Draconian Fear (CVSS score: 7.8), and Seventh Inferno (TBD).

According to Coldwind’s security report, the vulnerability called Demon’s Cries is an authentication bypass that could let an attacker change the admin’s password, resulting in a complete compromise of the vulnerable device.

The security researcher’s report notes that SCC Control (NETGEAR Smart Control Center) is disabled by default and must be manually enabled in the web UI (Security > Management Security > SCC Control).

The researcher also published PoC code that changes the password to “AlaMaKota1234.”

Netgear rated the vulnerability with a CVSS score of 8.8 (High), but Coldwind had a different opinion, assigning it a score of 9.8.

Network should be used even if the attacker is required to be on the same intranet to exploit the vulnerable system (e.g., the attacker can only exploit the vulnerability from inside a corporate network).

Source

According to the advisory, the second vulnerability reported by the expert was dubbed Draconian Fear and is an authentication hijacking issue. This bug enables a cybercriminal with the same IP address as an admin who is logging in to hijack the session bootstrapping information, giving the attacker complete admin access to the device web UI and resulting in a full compromise of the device.

On September 13th, we will also have details about the third vulnerability, dubbed Seventh Inferno.

Author Profile

Antonia Din

PR & Video Content Manager
