Netgear Patches 3 Managed Switch Vulnerabilities

Overview

Netgear has released an update to address 3 reported vulnerabilities in their managed switches.

Some switch models with Netgear Smart Control Center (SCC) control enabled are vulnerable to an authentication bypass (DEMON’S CRIES) that lets an attacker change the admin password. The SCC feature is disabled by default, which has allowed Netgear to score this vulnerability as 8.8/10, while some researchers believe that it deserves a critical score of 9.8/10.

Another exploit (DRACONIAN FEAR) would allow an attacker to hijack an admin’s login. This requires the attacker to have the same IP address as the admin while the admin logs in.

Details of the third attack (SEVENTH INFERNO) will be released on the 13th of September.

Impact

A remote, unauthenticated user may be able to gain control over a Netgear managed switch running the SCC service. A user who shares an IP address with an admin (e.g., a user on the same network or an attacker with some level of access to the admin’s machine) could hijack an admin’s login flow to achieve the same result.

Vulnerability Detection

Several vulnerability management solution vendors have updated their plugins to automatically detect this vulnerability.

To manually check whether your Netgear Smart Switch is vulnerable, find the SCC Control setting under `Security > Management Security > SCC Control`. If this is enabled, your device is vulnerable.

Affected Products

GC108P
GC108PP
GS108Tv3
GS110TPP
GS110TPv3
GS110TUP
GS308T
GS310TP
GS710TUP
GS716TP
GS716TPP
GS724TPP
GS724TPv2
GS728TPPv2
GS728TPv2
GS750E
GS752TPP
GS752TPv2
MS510TXM
MS510TXUP

Containment, Mitigations & Remediations

Netgear has released firmware fixes for all affected products.

MITRE Methodologies

T1190 – Exploit Public-Facing Application
T1133 – External Remote Services
T1210 – Exploitation of Remote Services

Further Information

Security Advisory for Multiple Vulnerabilities on Some Smart Switches

Demon’s Cries vulnerability (some NETGEAR smart switches)

Draconian Fear vulnerability (some NETGEAR smart switches)