Multiple vulnerabilities in several NETGEAR Switches



Published: 2021-09-07
Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: N/A
CWE-ID: CWE-287
Exploitation vector: Local network
Public exploit: Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software
Hardware solutions / Routers & switches, VoIP, GSM, etc:

GC108P
GC108PP
GS108Tv3
GS110TPP
GS110TPv3
GS110TUP
GS308T
GS310TP
GS710TUP
GS716TP
GS716TPP
GS724TPP
GS724TPv2
GS728TPPv2
GS728TPv2
GS750E
GS752TPP
GS752TPv2
MS510TXM
MS510TXUP

Vendor

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Improper Authentication

EUVDB-ID: #VU56358

Risk: Medium

CVSSv3.1: 7.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker on the local network can change the admin's password and gain full access to the target device.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

GC108P: before 1.0.8.2

GC108PP: before 1.0.8.2

GS108Tv3: before 7.0.7.2

GS110TPP: before 7.0.7.2

GS110TPv3: before 7.0.7.2

GS110TUP: before 1.0.5.3

GS308T: before 1.0.3.2

GS310TP: before 1.0.3.2

GS710TUP: before 1.0.5.3

GS716TP: before 1.0.4.2

GS716TPP: before 1.0.4.2

GS724TPP: before 2.0.6.3

GS724TPv2: before 2.0.6.3

GS728TPPv2: before 6.0.8.2

GS728TPv2: before 6.0.8.2

GS750E: before 1.0.1.10

GS752TPP: before 6.0.8.2

GS752TPv2: before 6.0.8.2

MS510TXM: before 1.0.4.2

MS510TXUP: before 1.0.4.2

External links

http://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145
http://gynvael.coldwind.pl/?id=740


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote unauthenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Improper Authentication

EUVDB-ID: #VU56359

Risk: Medium

CVSSv3.1: 7.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker on the local network can change the admin's password and gain full access to the target device.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

GC108P: before 1.0.8.2

GC108PP: before 1.0.8.2

GS108Tv3: before 7.0.7.2

GS110TPP: before 7.0.7.2

GS110TPv3: before 7.0.7.2

GS110TUP: before 1.0.5.3

GS308T: before 1.0.3.2

GS310TP: before 1.0.3.2

GS710TUP: before 1.0.5.3

GS716TP: before 1.0.4.2

GS716TPP: before 1.0.4.2

GS724TPP: before 2.0.6.3

GS724TPv2: before 2.0.6.3

GS728TPPv2: before 6.0.8.2

GS728TPv2: before 6.0.8.2

GS750E: before 1.0.1.10

GS752TPP: before 6.0.8.2

GS752TPv2: before 6.0.8.2

MS510TXM: before 1.0.4.2

MS510TXUP: before 1.0.4.2

External links

http://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145
http://gynvael.coldwind.pl/?id=740


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote unauthenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

3) Improper Authentication

EUVDB-ID: #VU56360

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. A local attacker can hijack the session bootstrapping information and gain full access to the target device.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

GC108P: before 1.0.8.2

GC108PP: before 1.0.8.2

GS108Tv3: before 7.0.7.2

GS110TPP: before 7.0.7.2

GS110TPv3: before 7.0.7.2

GS110TUP: before 1.0.5.3

GS308T: before 1.0.3.2

GS310TP: before 1.0.3.2

GS710TUP: before 1.0.5.3

GS716TP: before 1.0.4.2

GS716TPP: before 1.0.4.2

GS724TPP: before 2.0.6.3

GS724TPv2: before 2.0.6.3

GS728TPPv2: before 6.0.8.2

GS728TPv2: before 6.0.8.2

GS750E: before 1.0.1.10

GS752TPP: before 6.0.8.2

GS752TPv2: before 6.0.8.2

MS510TXM: before 1.0.4.2

MS510TXUP: before 1.0.4.2
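
The "Vulnerable software versions" lists for all three vulnerabilities give the same fixed firmware per model, so one inventory check covers them. The following is an added example, not part of the original bulletin or of NETGEAR's tooling: it compares firmware versions numerically, since a plain string comparison would rank 1.0.1.9 above 1.0.1.10. The inventory rows, the optional "V" prefix and all function names are assumptions.

```python
import re

# Fixed firmware per model, transcribed from the advisory's "Vulnerable
# software versions" lists; a device is vulnerable strictly before it.
FIXED = {
    "1.0.8.2": ["GC108P", "GC108PP"],
    "7.0.7.2": ["GS108Tv3", "GS110TPP", "GS110TPv3"],
    "1.0.5.3": ["GS110TUP", "GS710TUP"],
    "1.0.3.2": ["GS308T", "GS310TP"],
    "1.0.4.2": ["GS716TP", "GS716TPP", "MS510TXM", "MS510TXUP"],
    "2.0.6.3": ["GS724TPP", "GS724TPv2"],
    "6.0.8.2": ["GS728TPPv2", "GS728TPv2", "GS752TPP", "GS752TPv2"],
    "1.0.1.10": ["GS750E"],
}
FIXED_BY_MODEL = {m.upper(): v for v, models in FIXED.items() for m in models}

def parse_version(text):
    """Turn '1.0.1.10' (optionally 'V'-prefixed, an assumption) into ints."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def triage(model, firmware):
    """Return 'vulnerable', 'patched', 'not-listed' or 'unknown-version'."""
    fixed = FIXED_BY_MODEL.get(model.strip().upper())
    if fixed is None:
        return "not-listed"
    try:
        current = parse_version(firmware)
    except ValueError:
        return "unknown-version"  # needs a manual look; never assume patched
    return "vulnerable" if current < parse_version(fixed) else "patched"

# Constructed inventory rows (model, firmware), not data from a real network.
INVENTORY = [
    ("GS750E", "1.0.1.9"),      # as strings, "1.0.1.9" sorts after "1.0.1.10"
    ("GS750E", "1.0.1.10"),
    ("gs108tv3", "V7.0.6.3"),   # case and prefix as a scanner might report
    ("GS308T", "n/a"),          # version field missing in the inventory
    ("OTHER-SW", "1.0.0.5"),    # placeholder model not in the advisory
]

def triage_inventory(rows):
    return [(model, fw, triage(model, fw)) for model, fw in rows]

if __name__ == "__main__":
    for model, fw, status in triage_inventory(INVENTORY):
        print(f"{model:10} {fw:10} {status}")
```
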

External links

http://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145
http://gynvael.coldwind.pl/?id=741


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


