Netgear has released firmware patches for more than a dozen smart switches used in corporate networks. The patches address three high-impact vulnerabilities, two of which have exploit code publicly available.
Netgear has identified these bugs as PSV-2021-0140, PSV-2021-0144 and PSV-2021-0145; CVE tracking numbers are yet to be assigned. Additionally, many of the affected products have cloud management capabilities that enable them to be managed remotely.
The most serious of the three vulnerabilities is an authentication bypass, ominously titled ‘Demon’s Cries’. It could allow an attacker to gain control of a vulnerable switch. It should be noted that this vulnerability requires the Netgear Smart Control Centre (SCC) feature to be active. This feature is switched off by default.
In addition, an attacker would need to use social engineering to gain a foothold on the internal network before they could compromise the switch.
The second vulnerability, also with a sinister name, ‘Draconian Fear’, allows an attacker to hijack sessions, provided they have access to an administrator IP address. This would enable full administrator access to the switch’s web interface.
According to the researcher, the third vulnerability ‘Seventh Inferno’ will be released on September the 13th.
The Impact
If an attacker can successfully exploit ‘Demon’s Cries’, they can take control of vulnerable enterprise switches. This would allow them to intercept and modify network traffic and use the switch as a foothold to attack other devices on the internal network.
If an attacker can exploit ‘Draconian Fear’, they can gain administrative privileges on a switch’s web management portal, allowing them to control the switch’s configuration.
The Remediation
It is imperative that users of the affected Netgear switches upgrade to the latest firmware version immediately. Below is a list of the affected products and their latest firmware versions:
- GC108P (latest firmware version: 1.0.8.2)
- GC108PP (latest firmware version: 1.0.8.2)
- GS108Tv3 (latest firmware version: 7.0.7.2)
- GS110TPP (latest firmware version: 7.0.7.2)
- GS110TPv3 (latest firmware version: 7.0.7.2)
- GS110TUP (latest firmware version: 1.0.5.3)
- GS308T (latest firmware version: 1.0.3.2)
- GS310TP (latest firmware version: 1.0.3.2)
- GS710TUP (latest firmware version: 1.0.5.3)
- GS716TP (latest firmware version: 1.0.4.2)
- GS716TPP (latest firmware version: 1.0.4.2)
- GS724TPP (latest firmware version: 2.0.6.3)
- GS724TPv2 (latest firmware version: 2.0.6.3)
- GS728TPPv2 (latest firmware version: 6.0.8.2)
- GS728TPv2 (latest firmware version: 6.0.8.2)
- GS750E (latest firmware version: 1.0.1.10)
- GS752TPP (latest firmware version: 6.0.8.2)
- GS752TPv2 (latest firmware version: 6.0.8.2)
- MS510TXM (latest firmware version: 1.0.4.2)
- MS510TXUP (latest firmware version: 1.0.4.2)
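To apply the list above across a fleet, the following added example (not part of Netgear's advisory or the researcher's write-up) audits a switch inventory against the listed versions. It assumes the listed version is the minimum patched release; the hostnames, running versions and the unlisted model in the sample inventory are constructed. It compares version fields as numbers, because a plain string comparison would rank 1.0.1.9 above 1.0.1.10.

```python
# Assumption: the listed "latest firmware version" is the minimum patched release.
PATCHED = {
    "GC108P": "1.0.8.2", "GC108PP": "1.0.8.2", "GS108Tv3": "7.0.7.2",
    "GS110TPP": "7.0.7.2", "GS110TPv3": "7.0.7.2", "GS110TUP": "1.0.5.3",
    "GS308T": "1.0.3.2", "GS310TP": "1.0.3.2", "GS710TUP": "1.0.5.3",
    "GS716TP": "1.0.4.2", "GS716TPP": "1.0.4.2", "GS724TPP": "2.0.6.3",
    "GS724TPv2": "2.0.6.3", "GS728TPPv2": "6.0.8.2", "GS728TPv2": "6.0.8.2",
    "GS750E": "1.0.1.10", "GS752TPP": "6.0.8.2", "GS752TPv2": "6.0.8.2",
    "MS510TXM": "1.0.4.2", "MS510TXUP": "1.0.4.2",
}
_BY_UPPER = {m.upper(): (m, v) for m, v in PATCHED.items()}

def parse_version(text):
    """Turn '1.0.1.10' into (1, 0, 1, 10) so fields compare as numbers."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def audit(inventory):
    """Return (hostname, model, status, detail) for each inventory row."""
    results = []
    for host, model, running in inventory:
        entry = _BY_UPPER.get(model.strip().upper())
        if entry is None:
            results.append((host, model, "NOT_LISTED", "model not in the list above"))
            continue
        canonical, fixed = entry
        try:
            current = parse_version(running)
        except ValueError as exc:
            results.append((host, canonical, "UNKNOWN", str(exc)))
            continue
        status = "OK" if current >= parse_version(fixed) else "UPGRADE"
        results.append((host, canonical, status, f"running {running}, patched {fixed}"))
    return results

# Constructed sample inventory (hostnames and running versions are made up).
SAMPLE = [
    ("sw-floor1", "GS750E", "1.0.1.9"),     # a string compare would wrongly pass this
    ("sw-floor2", "gs724tpv2", "2.0.6.3"),  # model names are matched case-insensitively
    ("sw-lab", "GS308T", "1.0.3.1"),
    ("sw-core", "GS108Tv3", "unknown"),     # unreadable version is flagged, not skipped
    ("sw-old", "GS105E", "1.6.0.4"),        # model that is not in the list above
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:<10} {:<10} {:<10} {}".format(*row))
```

Rows reported as UNKNOWN or NOT_LISTED need a manual check rather than being treated as patched.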
Further information:
Netgear’s official advisory and further advice
Researcher’s advisory and PoC (Demon’s Cries)
Researcher’s advisory and PoC (Draconian Fear)