Multiple Security Vulnerabilities With NETGEAR Let Attackers Gain Full Control of Device – PoC Released

Netgear has recently released firmware updates that fix vulnerabilities in over a dozen of its smart switches, which are generally used on corporate networks.

The security updates address three vulnerabilities reported by security analyst Gynvael Coldwind. The three flaws affect 20 Netgear products, most of them smart switches.

However, according to the reports presented by the security experts, technical details and PoC (Proof-of-Concept) exploit code are currently available for only two of the vulnerabilities.

Vulnerabilities

The cybersecurity experts have detected three vulnerabilities, listed below:

  1. PSV-2021-0140
  2. PSV-2021-0144
  3. PSV-2021-0145

The flaw profiles are as follows:

  • Vulnerability Codename: Demon’s Cries
  • Vendor-specific ID: Either PSV-2021-0140 or PSV-2021-0145, not sure.
  • CVE: TO BE ASSIGNED
  • CVSS: 9.8 (Critical), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Note: thankfully this feature is NOT enabled by default)
  • Patch Diff Risk: TO BE FILLED

  • Vulnerability Codename: Draconian Fear
  • Vendor-specific ID: PSV-2021-0144
  • CVE: TO BE ASSIGNED
  • CVSS: 7.8 (High), CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Patch Diff Risk: TO BE FILLED

Abusing The Security Flaws

Of the three security vulnerabilities, security researcher Gynvael Coldwind claimed that the bug dubbed Demon’s Cries could easily allow a threat actor to take full control of a vulnerable device, as under certain conditions this flaw could bypass authentication.

The second vulnerability, dubbed “Draconian Fear,” is an authentication hijacking flaw. By exploiting this security bug, an attacker can easily hijack the session bootstrapping information; to do so, the attacker needs the same IP address as an admin.

As a result, the threat actor gains admin access to the device web UI, which implies taking full control of the vulnerable device.

Models Affected & Fixed

Here’s the full list of devices that are affected and fixed:

  1. GC108P
  2. GC108PP
  3. GS108Tv3
  4. GS110TPP
  5. GS110TPv3
  6. GS110TUP
  7. GS308T
  8. GS310TP
  9. GS710TUP
  10. GS716TP
  11. GS716TPP
  12. GS724TPP
  13. GS724TPv2
  14. GS728TPPv2
  15. GS728TPv2
  16. GS750E
  17. GS752TPP
  18. GS752TPv2
  19. MS510TXM
  20. MS510TXUP

Firmware Fixes

The fixed firmware version for each device is listed below:

  1. GC108P fixed in firmware version 1.0.8.2
  2. GC108PP fixed in firmware version 1.0.8.2
  3. GS108Tv3 fixed in firmware version 7.0.7.2
  4. GS110TPP fixed in firmware version 7.0.7.2
  5. GS110TPv3 fixed in firmware version 7.0.7.2
  6. GS110TUP fixed in firmware version 1.0.5.3
  7. GS308T fixed in firmware version 1.0.3.2
  8. GS310TP fixed in firmware version 1.0.3.2
  9. GS710TUP fixed in firmware version 1.0.5.3
  10. GS716TP fixed in firmware version 1.0.4.2
  11. GS716TPP fixed in firmware version 1.0.4.2
  12. GS724TPP fixed in firmware version 2.0.6.3
  13. GS724TPv2 fixed in firmware version 2.0.6.3
  14. GS728TPPv2 fixed in firmware version 6.0.8.2
  15. GS728TPv2 fixed in firmware version 6.0.8.2
  16. GS750E fixed in firmware version 1.0.1.10
  17. GS752TPP fixed in firmware version 6.0.8.2
  18. GS752TPv2 fixed in firmware version 6.0.8.2
  19. MS510TXM fixed in firmware version 1.0.4.2
  20. MS510TXUP fixed in firmware version 1.0.4.2

Updating Firmware

In the official blog, the cybersecurity analysts at Netgear have recommended that all users update all of their Netgear devices to the latest firmware immediately. The new update brings the following key things:

  • Security fixes
  • Bug fixes
  • New features

To make this simpler, they have also recommended that users update their firmware through the official support app for their product:

  • Orbi products: NETGEAR Orbi app
  • NETGEAR WiFi routers: NETGEAR Nighthawk app
  • Some NETGEAR Business products: NETGEAR Insight app

Moreover, if there is no supported app for your product, you can update your device firmware manually by following the instructions given in your product’s user manual, firmware release notes, or product support page.

Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.