Expert discloses details and PoC code for Netgear Seventh Inferno bug

A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and take over impacted devices.

Researchers provided technical details about a recently addressed critical vulnerability, dubbed Seventh Inferno, in Netgear smart switches that could be exploited by an attacker to potentially execute malicious code and take control of the affected devices.

The Seventh Inferno vulnerability received a CVSS score of 9.8. It was found alongside two other bugs, tracked as Demon’s Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8).

The flaws were discovered by Google security engineer Gynvael Coldwind, and Netgear addressed them early this month.

The flaws, tracked by the networking device vendor as PSV-2021-0140, PSV-2021-0144, and PSV-2021-0145, impact the following models:

- GC108P
- GC108PP
- GS108Tv3
- GS110TPP
- GS110TPv3
- GS110TUP
- GS308T
- GS310TP
- GS710TUP
- GS716TP
- GS716TPP
- GS724TPP
- GS724TPv2
- GS728TPPv2
- GS728TPv2
- GS750E
- GS752TPP
- GS752TPv2
- MS510TXM
- MS510TXUP

Netgear released security patches to fix them on September 3.

“NETGEAR just patched 3 reported vulnerabilities (Demon’s Cries, Draconian Fear and Seventh Inferno) in some managed (smart) switches. If you or your company owns any of these devices, please patch now.” Coldwind explained.

“P.S. This vulnerability [Seventh Inferno] and exploit chain is actually quite interesting technically. In short, it goes from a newline injection in the password field, through being able to write a file with constant uncontrolled content of 2 (like, one byte 32h), through a DoS and session crafting (which yields an admin web UI user), to an eventual post-auth shell injection (which yields full root).”

The expert also released a PoC for this vulnerability; the code first reboots the switch, then fakes a new session and exploits the post-auth RCE.

NETGEAR urges customers using the following products to download the latest firmware:

- GC108P fixed in firmware version 1.0.8.2
- GC108PP fixed in firmware version 1.0.8.2
- GS108Tv3 fixed in firmware version 7.0.7.2
- GS110TPP fixed in firmware version 7.0.7.2
- GS110TPv3 fixed in firmware version 7.0.7.2
- GS110TUP fixed in firmware version 1.0.5.3
- GS308T fixed in firmware version 1.0.3.2
- GS310TP fixed in firmware version 1.0.3.2
- GS710TUP fixed in firmware version 1.0.5.3
- GS716TP fixed in firmware version 1.0.4.2
- GS716TPP fixed in firmware version 1.0.4.2
- GS724TPP fixed in firmware version 2.0.6.3
- GS724TPv2 fixed in firmware version 2.0.6.3
- GS728TPPv2 fixed in firmware version 6.0.8.2
- GS728TPv2 fixed in firmware version 6.0.8.2
- GS750E fixed in firmware version 1.0.1.10
- GS752TPP fixed in firmware version 6.0.8.2
- GS752TPv2 fixed in firmware version 6.0.8.2
- MS510TXM fixed in firmware version 1.0.4.2
- MS510TXUP fixed in firmware version 1.0.4.2
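
One way to check a switch inventory against the fixed-firmware list above, as an added example that is not part of the original article or NETGEAR's advisory. The CSV layout, hostnames and running versions are constructed assumptions, and the check assumes any firmware at or above the listed version contains the fix.

```python
import csv
import io

# Fixed firmware versions, copied from the list on this page.
FIXED = {
    "GC108P": "1.0.8.2", "GC108PP": "1.0.8.2", "GS108Tv3": "7.0.7.2",
    "GS110TPP": "7.0.7.2", "GS110TPv3": "7.0.7.2", "GS110TUP": "1.0.5.3",
    "GS308T": "1.0.3.2", "GS310TP": "1.0.3.2", "GS710TUP": "1.0.5.3",
    "GS716TP": "1.0.4.2", "GS716TPP": "1.0.4.2", "GS724TPP": "2.0.6.3",
    "GS724TPv2": "2.0.6.3", "GS728TPPv2": "6.0.8.2", "GS728TPv2": "6.0.8.2",
    "GS750E": "1.0.1.10", "GS752TPP": "6.0.8.2", "GS752TPv2": "6.0.8.2",
    "MS510TXM": "1.0.4.2", "MS510TXUP": "1.0.4.2",
}
_FIXED_BY_MODEL = {m.upper(): v for m, v in FIXED.items()}

def parse_version(text):
    """'V1.0.1.10' -> (1, 0, 1, 10); numeric, so 1.0.1.10 sorts above 1.0.1.9."""
    return tuple(int(p) for p in text.strip().lstrip("vV").split("."))

def audit(inventory_csv):
    """Return {hostname: status} for CSV rows of hostname,model,firmware."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = _FIXED_BY_MODEL.get(row["model"].strip().upper())
        if fixed is None:  # model does not appear in the list on this page
            results[row["hostname"]] = "not-listed"
            continue
        try:
            running = parse_version(row["firmware"])
        except ValueError:  # version missing or not dotted-numeric: check by hand
            results[row["hostname"]] = "unknown-version"
            continue
        ok = running >= parse_version(fixed)
        results[row["hostname"]] = "patched" if ok else "needs-update"
    return results

# Constructed sample inventory (hostnames and running versions are made up).
SAMPLE = """hostname,model,firmware
sw-lobby,GS750E,1.0.1.9
sw-lab,gs108tv3,V7.0.7.2
sw-core,MS510TXM,1.0.4.1
sw-other,EXAMPLE-MODEL,1.2.3.4
sw-mystery,GS308T,unknown
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

The GS750E row shows why versions are compared numerically: as strings, 1.0.1.9 would sort above the fixed 1.0.1.10 and the switch would be wrongly reported as patched.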

Pierluigi Paganini

(SecurityAffairs – hacking, Netgear)

The post Expert discloses details and PoC code for Netgear Seventh Inferno bug appeared first on Security Affairs.