How can we help?
Netgear has released an update to address 3 reported vulnerabilities in their managed switches.
Some models of switch with Netgear Smart Control Center (SCC) control enabled are vulnerable to an authentication bypass (DEMON’S CRIES) resulting in the attacker being able to change the admin password. The SCC feature is disabled by default, which has allowed Netgear to score this vulnerability as 8.8/10, while some researchers believe that it deserves a critical score of 9.8/10.
Another exploit (DRACONIAN FEAR) would allow an attacker to hijack an admin’s login. This requires the user to have the same IP as an admin while they log in.
Details of the third attack (SEVENTH INFERNO) will be released on the 13th of September.
A remote, unauthenticated user may be able to gain control over a Netgear managed switch running the SCC service. A user who shares an IP with an admin (eg. a user on the same network or an attacker with some level of access to the admin’s machine) could hijack an admin’s login flow in order to achieve the same result.
Several vulnerability management solution vendors have updated their plugins to automatically detect this vulnerability. To manually check to see if your Netgear Smart Switch is vulnerable: SCC Control is found under `Security > Management Security > SCC Control` If this is enabled, your device is vulnerable.
Containment, Mitigations & Remediations
Netgear have released firmware fixes for all affected products.