Critical Auth Bypass Bugs Affect NETGEAR Smart Switches — Patch and PoC Released

Introduction:

Netgear, Inc. is a multinational computer networking company based in San Jose, California, with offices in about 25 other countries. It produces networking hardware for consumers, businesses, and service providers. The company operates in three business segments: retail, commercial, and as a service provider.

Netgear’s products cover a variety of widely used technologies such as wireless (WiFi and LTE), Ethernet and powerline, with a focus on reliability and ease-of-use. The products include wired and wireless devices for broadband access and network connectivity, and are available in multiple configurations to address the needs of the end-users in each geographic region and sector in which the company’s products are sold.

As of 2020, Netgear products are sold in approximately 24,000 retail locations around the globe, and through approximately 19,000 value-added resellers, as well as multiple major cable, mobile and wireline service providers around the world.

Networking, storage and security solutions provider Netgear on Friday issued patches to address three security vulnerabilities affecting its smart switches that could be abused by an adversary to gain full control of a vulnerable device.

The bugs were discovered and reported to Netgear by Google security engineer Gynvael Coldwind.

The three vulnerabilities have been given the codenames Demon’s Cries (CVSS score: 9.8), Draconian Fear (CVSS score: 7.8), and Seventh Inferno (TBD).

 

Impact:

The flaws concern:

1) An authentication bypass

2) An authentication hijacking

3) A third, as-yet-undisclosed vulnerability that could grant an attacker the ability to modify the administrator password without actually having to know the previous password, or to hijack the session bootstrapping information, resulting in a complete compromise of the device.

 

The following Netgear models are affected:

  • GC108P (fixed in firmware version 1.0.8.2)
  • GC108PP (fixed in firmware version 1.0.8.2)
  • GS108Tv3 (fixed in firmware version 7.0.7.2)
  • GS110TPP (fixed in firmware version 7.0.7.2)
  • GS110TPv3 (fixed in firmware version 7.0.7.2)
  • GS110TUP (fixed in firmware version 1.0.5.3)
  • GS308T (fixed in firmware version 1.0.3.2)
  • GS310TP (fixed in firmware version 1.0.3.2)
  • GS710TUP (fixed in firmware version 1.0.5.3)
  • GS716TP (fixed in firmware version 1.0.4.2)
  • GS716TPP (fixed in firmware version 1.0.4.2)
  • GS724TPP (fixed in firmware version 2.0.6.3)
  • GS724TPv2 (fixed in firmware version 2.0.6.3)
  • GS728TPPv2 (fixed in firmware version 6.0.8.2)
  • GS728TPv2 (fixed in firmware version 6.0.8.2)
  • GS750E (fixed in firmware version 1.0.1.10)
  • GS752TPP (fixed in firmware version 6.0.8.2)
  • GS752TPv2 (fixed in firmware version 6.0.8.2)
  • MS510TXM (fixed in firmware version 1.0.4.2)
  • MS510TXUP (fixed in firmware version 1.0.4.2)

 

Recommendations:

  • The vendor provides patched firmware for the affected and supported products, which should be updated immediately.
  • Netgear strongly recommends that you download the latest firmware as soon as possible.
  • To download the latest firmware for Netgear products:
  1. Visit the vendor site (NETGEAR Support).
  2. Type the model number of the product.
  3. Click Firmware and Software Downloads.
  4. Under Current Versions, select the firmware version that you want to download and then click the Download button.
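
To find which switches in an inventory still need the update, the fixed-version list above can be checked mechanically. The Python below is an added example, not code from Netgear or the researcher; the CSV columns (host, model, firmware) and the sample rows are constructed, and versions are compared numerically because a plain string comparison would rank 1.0.1.9 above 1.0.1.10.

```python
import csv
import io

# First fixed firmware per model, copied from the affected-model list above.
FIXED_IN = {
    "1.0.8.2": "GC108P GC108PP",
    "7.0.7.2": "GS108Tv3 GS110TPP GS110TPv3",
    "1.0.5.3": "GS110TUP GS710TUP",
    "1.0.3.2": "GS308T GS310TP",
    "1.0.4.2": "GS716TP GS716TPP MS510TXM MS510TXUP",
    "2.0.6.3": "GS724TPP GS724TPv2",
    "6.0.8.2": "GS728TPPv2 GS728TPv2 GS752TPP GS752TPv2",
    "1.0.1.10": "GS750E",
}
MIN_FIXED = {m.upper(): v for v, ms in FIXED_IN.items() for m in ms.split()}

def parse_version(text):
    """Turn '1.0.1.10' (optionally prefixed with 'V') into (1, 0, 1, 10)."""
    return tuple(int(p) for p in text.strip().lstrip("vV").split("."))

def classify(model, firmware):
    """Return patched / vulnerable / unknown-version / not-listed."""
    fixed = MIN_FIXED.get((model or "").strip().upper())
    if fixed is None:
        return "not-listed"          # model is not in the list above
    try:
        current = parse_version(firmware or "")
    except ValueError:
        return "unknown-version"     # empty or non-numeric: check by hand
    return "patched" if current >= parse_version(fixed) else "vulnerable"

def audit(inventory_csv):
    """Map each host in a host,model,firmware CSV to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}

# Constructed sample inventory (hypothetical hosts and running versions).
SAMPLE = """host,model,firmware
sw-lobby,GS750E,1.0.1.9
sw-core,GS750E,1.0.1.10
sw-lab,GS108Tv3,V7.0.6.3
sw-poe,gs728tpv2,6.0.8.2
sw-old,GS105E,1.6.0.1
sw-new,MS510TXM,
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:10} {status}")
```

Hosts reported as unknown-version or not-listed need a manual check against the vendor's advisory rather than being assumed safe.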