Netgear fixes severe security bugs in over a dozen smart switches

silversurfer

Level 83
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,275
Netgear has released firmware updates for more than a dozen of its smart switches used on corporate networks to address high-severity vulnerabilities.

The company fixed three security flaw that affect 20 Netgear products, mostly smart switches. Technical details and proof-of-concept (PoC) exploit code for two of the bugs are publicly available.

An advisory from Netgear on Friday informs that a new firmware version is available for some of its switches impacted by three security vulnerabilities that received severity scores between 7.4 and 8.8 on a scale of 10.

Netgear identifies the bugs as PSV-2021-0140, PSV-2021-0144, PSV-2021-0145, as tracking numbers have yet to be assigned. Many of the affected products are smart switches, some of them with cloud management capabilities that allows configuring and monitoring them over the web.
  • GC108P (latest firmware version: 1.0.8.2)
  • GC108PP (latest firmware version: 1.0.8.2)
  • GS108Tv3 (latest firmware version: 7.0.7.2)
  • GS110TPP (latest firmware version: 7.0.7.2)
  • GS110TPv3 (latest firmware version: 7.0.7.2)
  • GS110TUP (latest firmware version: 1.0.5.3)
  • GS308T (latest firmware version: 1.0.3.2)
  • GS310TP (latest firmware version: 1.0.3.2)
  • GS710TUP (latest firmware version: 1.0.5.3)
  • GS716TP (latest firmware version: 1.0.4.2)
  • GS716TPP (latest firmware version: 1.0.4.2)
  • GS724TPP (latest firmware version: 2.0.6.3)
  • GS724TPv2 (latest firmware version: 2.0.6.3)
  • GS728TPPv2 (latest firmware version: 6.0.8.2)
  • GS728TPv2 (latest firmware version: 6.0.8.2)
  • GS750E (latest firmware version: 1.0.1.10)
  • GS752TPP (latest firmware version: 6.0.8.2)
  • GS752TPv2 (latest firmware version: 6.0.8.2)
  • MS510TXM (latest firmware version: 1.0.4.2)
  • MS510TXUP (latest firmware version: 1.0.4.2)
Netgear’s advisory leaves out any technical details about the bugs but “strongly recommends that you download the latest firmware as soon as possible.”
 

silversurfer

Level 83
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,275
New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices.

The flaw — dubbed "Seventh Inferno" (CVSS score: 9.8) — is part of a trio of security weaknesses, called Demon's Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8), that Google security engineer Gynvael Coldwind reported to the networking, storage, and security solutions provider.