Authentication Bypass – NetGear Switches

Networking, storage and security solutions provider Netgear issued patches to address three security vulnerabilities affecting its smart switches that could be abused by an adversary to gain full control of a vulnerable device. Discovered and reported by Google security engineer Gynvael Coldwind, impact the following models –

• GC108P
• GC108PP
• GS108Tv3
• GS110TPP
• GS110TPv3
• GS110TUP
• GS308T
• GS310TP
• GS710TUP
• GS716TP
• GS716TPP
• GS724TPv2
• GS728TPPv2
• GS728TPv2
• GS750E
• GS752TPP
• GS752TPv2
• MS510TXM
• MS510TXUP

The flaws concern an authentication bypass, an authentication hijacking, and a third as-yet-undisclosed vulnerability that could grant an attacker the ability to change the administrator password without actually having to know the previous password or hijack the session bootstrapping information, resulting in a full compromise of the device.

The three vulnerabilities have been given the codenames Demon’s Cries (CVSS score: 9.8), Draconian Fear (CVSS score: 7.8), and Seventh Inferno (TBD). Companies relying on the Netgear switches are recommended to upgrade to the latest version as soon as possible to mitigate any potential exploitation risk.