Netgear Tackles Severe Security Vulnerabilities Impacting Several of Its Smart Switches
The Security Bugs Could Be Exploited by an Attacker to Gain Complete Control of a Vulnerable Device.
Last updated on September 7, 2021
Last week, multinational computer networking company Netgear released security patches to tackle three high-severity flaws impacting over 20 of its products, mostly smart switches.
The flaws were found and reported to the company by security engineer Gynvael Coldwind and are tracked by the vendor as PSV-2021-0140, PSV-2021-0144, and PSV-2021-0145.
The three vulnerabilities received CVSS scores between 7.4 and 8.8 and, when abused, could enable a cybercriminal to gain full control of a vulnerable machine.
Technical details and proof-of-concept (PoC) exploit code for two of the bugs are publicly available.
I’ve published the reports for 2 of 3 recently patched NETGEAR vulnerabilities: https://t.co/RW8ufNBP2I https://t.co/fXNUVuldh7
1st is just an auth bypass, but the 2nd – while not that risky – is pretty fun (in a facepalm kind of way).
3rd will be published on Sept 13th.
A Netgear advisory states that a new firmware version is available for some of its affected switches and urges users to download it as quickly as possible. Some of the smart switches impacted by the flaws have cloud management capabilities that allow them to be configured and monitored over the internet.
Firmware fixes are currently available for all affected products:
According to Coldwind’s security report, the vulnerability called Demon’s Cries is an authentication bypass that could allow an attacker to change the admin’s password, resulting in a complete compromise of the vulnerable device.
The security researcher’s report showed that SCC Control (NETGEAR Smart Control Center) is disabled by default, and must be manually enabled in the web UI (Security > Management Security > SCC Control).
The researcher also published PoC code that changes the password to “AlaMaKota1234.”
Netgear rated the vulnerability with a CVSS score of 8.8 (High), but Coldwind disagreed, assigning it a score of 9.8.
The CVSS guidance on the Network attack vector reads: “Network should be used even if the attacker is required to be on the same intranet to exploit the vulnerable system (e.g., the attacker can only exploit the vulnerability from inside a corporate network).”
According to the advisory, the second vulnerability reported by the expert was dubbed Draconian Fear and is an authentication hijacking issue. This bug enables a cybercriminal with the same IP as a logging-in admin to hijack the session bootstrapping information, giving the attacker complete admin access to the device web UI and resulting in a full compromise of the device.
On September 13th, we will also have details about the third vulnerability, dubbed Seventh Inferno.