Security Advisory for Multiple Vulnerabilities on Several NETGEAR Smart Switches

Published: 08/09/2021

Reference:
Advisory #2021-018

Version:
1.0

Affected software:
GC108P (fixed in firmware version 1.0.8.2)
GC108PP (fixed in firmware version 1.0.8.2)
GS108Tv3 (fixed in firmware version 7.0.7.2)
GS110TPP (fixed in firmware version 7.0.7.2)
GS110TPv3 (fixed in firmware version 7.0.7.2)
GS110TUP (fixed in firmware version 1.0.5.3)
GS308T (fixed in firmware version 1.0.3.2)
GS310TP (fixed in firmware version 1.0.3.2)
GS710TUP (fixed in firmware version 1.0.5.3)
GS716TP (fixed in firmware version 1.0.4.2)
GS716TPP (fixed in firmware version 1.0.4.2)
GS724TPP (fixed in firmware version 2.0.6.3)
GS724TPv2 (fixed in firmware version 2.0.6.3)
GS728TPPv2 (fixed in firmware version 6.0.8.2)
GS728TPv2 (fixed in firmware version 6.0.8.2)
GS750E (fixed in firmware version 1.0.1.10)
GS752TPP (fixed in firmware version 6.0.8.2)
GS752TPv2 (fixed in firmware version 6.0.8.2)
MS510TXM (fixed in firmware version 1.0.4.2)
MS510TXUP (fixed in firmware version 1.0.4.2)

Type:
Remote Code Execution (RCE)

CVE/CVSS:

Sources

https://gynvael.coldwind.pl/?id=740

Risks

The Centre for Cyber security Belgium (CCB) is aware of an actively exploited vulnerability targeting these Smart Switches. A remote attacker could exploit this vulnerability to take control of a vulnerable system.

Description

The "Demon's cries" flaw combines authentication bypass, authentication hijacking, and a third, as-yet-undisclosed vulnerability that could grant an attacker the ability to change the administrator password without actually having to know the previous password or hijack the session bootstrapping information, resulting in a full compromise of the device.

The "Draconian Fear" flaw, on the other hand, requires the attacker to either have the same IP address as the admin or be able to spoof the address through other means. In such a scenario, the malicious party can take advantage of the fact that the Web UI relies only on the IP and a trivially guessable "userAgent" string to flood the authentication endpoint with multiple requests.

Recommended Actions

To download the latest firmware for your NETGEAR product:

  1. Visit NETGEAR Support.
  2. Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears.
    If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for your product model.
  3. Click Downloads.
  4. Under Current Versions, select the first download whose title begins with Firmware Version.
  5. Click Download.
  6. (Optional) To view the release notes for this firmware version, click Release Notes.
  7. Unzip the new firmware to an easy-to-find location, such as your desktop.

 
The CCB advises administrators of these NETGEAR Smart Switches to follow the advice of NETGEAR and apply the necessary updates immediately.
The CCB advises organisations to upscale their monitoring and detection capabilities so that any related suspicious activity is detected and a fast response is possible in case of an intrusion.
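
To find which switches still need the update, the fixed versions from the "Affected software" list can be compared against an inventory. The script below is an added example, not code from NETGEAR or the CCB; the inventory rows are constructed, and it assumes that any firmware numerically equal to or newer than the listed fixed version contains the fix.

```python
# Fixed firmware versions, copied from the "Affected software" list above.
FIXED = {
    "1.0.8.2": "GC108P GC108PP",
    "7.0.7.2": "GS108Tv3 GS110TPP GS110TPv3",
    "1.0.5.3": "GS110TUP GS710TUP",
    "1.0.3.2": "GS308T GS310TP",
    "1.0.4.2": "GS716TP GS716TPP MS510TXM MS510TXUP",
    "2.0.6.3": "GS724TPP GS724TPv2",
    "6.0.8.2": "GS728TPPv2 GS728TPv2 GS752TPP GS752TPv2",
    "1.0.1.10": "GS750E",
}
FIXED_BY_MODEL = {m.upper(): v for v, models in FIXED.items() for m in models.split()}

def parse_version(text):
    """Turn '1.0.1.10' into (1, 0, 1, 10) so comparison is numeric, not lexical."""
    parts = text.strip().lstrip("vV").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def audit(inventory):
    """Classify (host, model, firmware) rows. Assumption: version >= fixed means patched."""
    results = []
    for host, model, firmware in inventory:
        fixed = FIXED_BY_MODEL.get(model.strip().upper())
        if fixed is None:
            status = "NOT_LISTED"          # model is not in this advisory
        else:
            try:
                status = "PATCHED" if parse_version(firmware) >= parse_version(fixed) else "VULNERABLE"
            except ValueError:
                status = "UNKNOWN_VERSION"  # needs a manual check on the device
        results.append((host, model, firmware, fixed, status))
    return results

# Constructed sample inventory (hostnames and running versions are made up).
SAMPLE = [
    ("sw-lobby", "GS750E", "1.0.1.9"),     # lexically "greater" than 1.0.1.10, numerically older
    ("sw-core", "GS750E", "1.0.1.10"),
    ("sw-lab", "gs108tv3", "7.0.6.3"),
    ("sw-poe", "GS724TPv2", "2.0.6.3"),
    ("sw-other", "OTHER-MODEL", "1.0.0.1"),  # placeholder model name
    ("sw-odd", "MS510TXM", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:<9} {:<11} running={:<9} fixed={!s:<9} {}".format(*row))
```

Rows reported as `UNKNOWN_VERSION` should be treated as unpatched until the running firmware has been read from the device itself.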

References

https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145