Cybersecurity experts found three vulnerabilities in over a dozen models of Netgear’s smart switches which could be exploited to take control of the vulnerable devices.
Discovered and reported by security researcher Gynvael Coldwind, Netgear has plugged all three vulnerabilities urging users of affected devices to apply the patches immediately.
Coldwind has published details as well as proof-of-concept (PoC) exploit code of two of the three vulnerabilities.
- We've put together a list of the best endpoint protection software
- Check our list of the best firewall apps and services
- We’ve also compiled a list of the best small business routers
According to BleepingComputer, while most of the twenty affected devices are smart switches, some of them include cloud management capabilities, and can be monitored and configured over the internet.
Device control
Although Netgear’s advisory doesn’t include any technical details about the bugs, Coldwind has been a lot more forthcoming.
Sharing details about the attack vectors of two of the vulnerabilities, Coldwind lists the scenarios in which affected devices can be exploited to hand over complete control to the attackers.
Interestingly, Coldwind believes that Netgear has been a little conservative in their severity score assessment of the vulnerabilities, particularly for one of them he’s dubbed Demon's Cries. While Netgear has rated it as highly severe with a score of 8.8, Coldwind believes it deserves a critical score of 9.8.
Exploiting the flaw reportedly requires that the Netgear Smart Control Center (SCC) feature is active, which it isn’t by default.
Talking to BleepingComputer, Coldwind says that the second bug that he’s named Draconian Fear is “more interesting than dangerous” since it requires quite a bit of legwork.
He’ll share details about the third vulnerability at the start of next week, on September, 13, 2021.
- Protect your devices with these best antivirus software
Via BleepingComputer
