Netgear Patched a Number of Serious Vulnerabilities In Its Smart Switches

Recently, Netgear has fixed numerous security vulnerabilities in its smart switches that could allow device takeovers. Specifically, these include fixes for two critical bugs with another high-severity vulnerability. Since the patches are out, all users, including corporate customers, must ensure updating their devices at the earliest.

Netgear Smart Switches Vulnerabilities

A security engineer from Google, Gynvael Coldwind, discovered three different vulnerabilities in Netgear smart switches.

These include two critical vulnerabilities identified as “Demon’s Cries” (CVE-2021-40866) and “Seventh Inferno” (CVE-2021-41314), and a high-severity bug “Draconian Fear” (CVE-2021-40867). The two critical bugs received a CVSS score of 9.8, whereas the third bug received a CVSS score of 7.4. The researcher has described the details for all the bugs in separate advisories.

From these bugs, the vulnerability Seventh Inferno could allow an adversary to gain root access to the target devices. As described in Coldwind’s post,

In short, it goes from a newline injection in the password field, through being able to write a file with constant uncontrolled content of 2 (like, one byte 32h), through a DoS and session crafting (which yields an admin web UI user), to an eventual post-auth shell injection (which yields full root).

Patches Deployed With Firmware Updates

Following Coldwind’s report, Netgear addressed the vulnerabilities.

Although, they somewhat differed from the researcher in labeling the severity scores for the flaws. Specifically, they assigned CVSS scores of 8.8 (instead of 9.8) to the two critical flaws and 7.4 (instead of 7.8) to the high-severity bug.

Nonetheless, what matters here is that Netgear has deployed the patches for all three bugs with the latest firmware updates. Explaining more in their advisory, Netgear urged users to update their devices to the following firmware versions.

  • GC108P (firmware version 1.0.8.2)
  • GC108PP (firmware version 1.0.8.2)
  • GS108Tv3 (firmware version 7.0.7.2)
  • GS110TPP (firmware version 7.0.7.2)
  • GS110TPv3 (firmware version 7.0.7.2)
  • GS110TUP (firmware version 1.0.5.3)
  • GS308T (firmware version 1.0.3.2)
  • GS310TP (firmware version 1.0.3.2)
  • GS710TUP (firmware version 1.0.5.3)
  • GS716TP (firmware version 1.0.4.2)
  • GS716TPP (firmware version 1.0.4.2)
  • GS724TPP (firmware version 2.0.6.3)
  • GS724TPv2 (firmware version 2.0.6.3)
  • GS728TPPv2 (firmware version 6.0.8.2)
  • GS728TPv2 (firmware version 6.0.8.2)
  • GS750E (firmware version 1.0.1.10)
  • GS752TPP (firmware version 6.0.8.2)
  • GS752TPv2 (firmware version 6.0.8.2)
  • MS510TXM (firmware version 1.0.4.2)
  • MS510TXUP (firmware version 1.0.4.2)

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients