Netgear is a multinational computer networking company that produces networking hardware for consumers, businesses, and service providers. Netgear recently identified and patched three high-severity vulnerabilities affecting a wide range of its products. Most of the affected products are smart switches, some of which have cloud management capabilities that allow them to be configured and monitored over the internet. The researcher who discovered the three vulnerabilities named them Demon’s Cries, Draconian Fear, and Seventh Inferno.
- Demon’s Cries
Demon’s Cries is an authentication bypass vulnerability that can allow an attacker to take complete control of a vulnerable device. A feature in Netgear devices called Netgear Smart Control Center (SCC) must be turned on for this vulnerability to be exploitable. By default, it is turned off. The vendor has given this vulnerability a CVSSv3 score of 8.8, although the researcher insists the severity should be 9.8 and nothing less.
- Draconian Fear
The second flaw, referred to as Draconian Fear, can also allow an attacker to take complete control of a vulnerable device. The researcher refers to this vulnerability as “authentication hijacking,” where an attacker would need the same IP address as an admin to “hijack the session bootstrapping information.” The researcher further explains, “The obvious limiting factor here is the requirement for the attacker to either have the same IP as the admin (foothold on the same machine with limited privileges, same source NAT IP, etc.) or being able to spoof the IP with various low-level network shenanigans, as well winning a race condition with a 1-second window (pretty easy actually)”. This vulnerability has received a CVSSv3 score between 7.4 and 8.8 by the vendor, but the researcher has given it 7.8.
- Seventh Inferno
The details about this flaw are not disclosed and are expected to be available on or after 13th September 2021. This vulnerability has also received a CVSSv3 score between 7.4 and 8.8 by the vendor.
The following NETGEAR smart switch models are affected by these vulnerabilities:
Technical details and proof-of-concept (PoC) exploit code for Demon’s Cries and Draconian Fear are publicly available.
An attacker can bypass authentication and take control of a vulnerable device.
Netgear has released a fix for these vulnerabilities in the latest firmware versions.
- GC108P fixed in firmware version 184.108.40.206
- GC108PP fixed in firmware version 220.127.116.11
- GS108Tv3 fixed in firmware version 18.104.22.168
- GS110TPP fixed in firmware version 22.214.171.124
- GS110TPv3 fixed in firmware version 126.96.36.199
- GS110TUP fixed in firmware version 188.8.131.52
- GS308T fixed in firmware version 184.108.40.206
- GS310TP fixed in firmware version 220.127.116.11
- GS710TUP fixed in firmware version 18.104.22.168
- GS716TP fixed in firmware version 22.214.171.124
- GS716TPP fixed in firmware version 126.96.36.199
- GS724TPP fixed in firmware version 188.8.131.52
- GS724TPv2 fixed in firmware version 184.108.40.206
- GS728TPPv2 fixed in firmware version 220.127.116.11
- GS728TPv2 fixed in firmware version 18.104.22.168
- GS750E fixed in firmware version 22.214.171.124
- GS752TPP fixed in firmware version 126.96.36.199
- GS752TPv2 fixed in firmware version 188.8.131.52
- MS510TXM fixed in firmware version 184.108.40.206
- MS510TXUP fixed in firmware version 220.127.116.11
We recommend users of these products install the necessary Netgear security updates mentioned in the advisory as soon as possible to stay protected.