CRITICAL AUTH BYPASS BUG AFFECT NETGEAR SMART SWITCHES — PATCH AND POC RELEASED
Networking, storage, and security solutions provider Netgear on Friday issued patches to address three security vulnerabilities affecting its smart switches that could be abused by an adversary to gain full control of a vulnerable device.
The flaws, which were discovered and reported to Netgear by Google security engineer Gynvael Coldwind, impact the following models:
- GC108P (fixed in firmware version 1.0.8.2)
- GC108PP (fixed in firmware version 1.0.8.2)
- GS108Tv3 (fixed in firmware version 7.0.7.2)
- GS110TPP (fixed in firmware version 7.0.7.2)
- GS110TPv3 (fixed in firmware version 7.0.7.2)
- GS110TUP (fixed in firmware version 1.0.5.3)
- GS308T (fixed in firmware version 1.0.3.2)
- GS310TP (fixed in firmware version 1.0.3.2)
- GS710TUP (fixed in firmware version 1.0.5.3)
- GS716TP (fixed in firmware version 1.0.4.2)
- GS716TPP (fixed in firmware version 1.0.4.2)
- GS724TPP (fixed in firmware version 2.0.6.3)
- GS724TPv2 (fixed in firmware version 2.0.6.3)
- GS728TPPv2 (fixed in firmware version 6.0.8.2)
- GS728TPv2 (fixed in firmware version 6.0.8.2)
- GS750E (fixed in firmware version 1.0.1.10)
- GS752TPP (fixed in firmware version 6.0.8.2)
- GS752TPv2 (fixed in firmware version 6.0.8.2)
- MS510TXM (fixed in firmware version 1.0.4.2)
- MS510TXUP (fixed in firmware version 1.0.4.2)
In light of the critical nature of the vulnerabilities, companies relying on the aforementioned Netgear switches are recommended to upgrade to the latest version as soon as possible to mitigate any potential exploitation risk. Please get with your IT ASAP and make sure they check and apply the patches.
If you have questions, please do not hesitate to reach out to our security team at [email protected].