News

Netgear fixed authentication bypass vulnerabilities in its switchboards

Network equipment manufacturer Netgear has patched three vulnerabilities in several of its switchboard models. Bugs allowed attackers to bypass authentication and completely take control of devices.

The vulnerabilities were codenamed Demon’s Cries, Draconian Fear and Seventh Inferno. They were found by a Polish cybersecurity researcher known as Gynvael Coldwind. The expert has already published a detailed description of the problems and PoC exploits for Demon’s Cries and Draconian Fear on his blog, and the details of the third bug, Seventh Inferno, will be released next Monday, on September 13th.

The most serious of the three problems is considered to be the Demon’s Cries vulnerability, which scored 9.8 out of 10 on the CVSS scale. This vulnerability can be exploited to bypass initial authentication and change the administrator account password on vulnerable switches.

Fortunately, not all switchboards are vulnerable, as the problem was found in the SCC Control web panel (NETGEAR Smart Control Center), which is disabled by default. However, if SCC Control is enabled, the error can lead to a “complete compromise of the device,” warns the researcher.

Initially, the expert tested the bug on Smart Managed Pro Switch Netgear GS110TPV3, but now the device manufacturer has confirmed that Demon’s Cries and Draconian Fear affect other devices, the list of which can be seen below.

  1. GC108P (vulnerabilities fixed in firmware 1.0.8.2)
  2. GC108PP (vulnerabilities fixed in firmware 1.0.8.2)
  3. GS108Tv3 (vulnerabilities fixed in firmware 7.0.7.2)
  4. GS110TPP (vulnerabilities fixed in firmware 7.0.7.2)
  5. GS110TPv3 (vulnerabilities fixed in firmware 7.0.7.2)
  6. GS110TUP (vulnerabilities fixed in firmware 1.0.5.3)
  7. GS308T (vulnerabilities fixed in firmware 1.0.3.2)
  8. GS310TP (vulnerabilities fixed in firmware 1.0.3.2)
  9. GS710TUP (vulnerabilities fixed in firmware 1.0.5.3)
  10. GS716TP (vulnerabilities fixed in firmware 1.0.4.2)
  11. GS716TPP (vulnerabilities fixed in firmware 1.0.4.2)
  12. GS724TPP (vulnerabilities fixed in firmware 2.0.6.3)
  13. GS724TPv2 (vulnerabilities fixed in firmware 2.0.6.3)
  14. GS728TPPv2 (vulnerabilities fixed in firmware 6.0.8.2)
  15. GS728TPv2 (vulnerabilities fixed in firmware 6.0.8.2)
  16. GS750E (vulnerabilities fixed in firmware 1.0.1.10)
  17. GS752TPP (vulnerabilities fixed in firmware 6.0.8.2)
  18. GS752TPv2 (vulnerabilities fixed in firmware 6.0.8.2)
  19. MS510TXM (vulnerabilities are fixed in firmware 1.0.4.2)
  20. MS510TXUP (vulnerabilities are fixed in firmware 1.0.4.2)
The Draconian Fear vulnerability can also be used to bypass authentication, but is considered less serious (7.8 on the CVVS scale). The fact is that this error can only be exploited to intercept the sessions of the logged in administrator and the attack must be carried out from the IP address of this administrator himself.

Let me remind you that we also talked about the fact that 79 Netgear router models contain critical vulnerability, and also that More than 40 Netgear routers will not receive RCE bug patches.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbr├╝cken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button