Netgear smart switches could have been hijacked by serious security flaws
Luckily Netgear says it patched the bugs early
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Cybersecurityexperts found three vulnerabilities in over a dozen models ofNetgear’ssmart switcheswhich could be exploited to take control of the vulnerable devices.
Discovered and reported by security researcher Gynvael Coldwind, Netgear has plugged all three vulnerabilities urging users of affected devices to apply the patches immediately.
Coldwind has published details as well as proof-of-concept (PoC) exploit code of two of the three vulnerabilities.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
Click here to start the survey in a new window«
According toBleepingComputer, while most of the twenty affected devices are smart switches, some of them include cloud management capabilities, and can be monitored and configured over the internet.
Device control
AlthoughNetgear’s advisorydoesn’t include any technical details about the bugs, Coldwind has been a lot more forthcoming.
Sharing details about the attack vectors of two of the vulnerabilities, Coldwindliststhe scenarios in which affected devices can be exploited to hand over complete control to the attackers.
Interestingly, Coldwind believes that Netgear has been a little conservative in their severity score assessment of the vulnerabilities, particularly for one of them he’s dubbedDemon’s Cries. While Netgear has rated it as highly severe with a score of 8.8, Coldwind believes it deserves a critical score of 9.8.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Exploiting the flaw reportedly requires that the Netgear Smart Control Center (SCC) feature is active, which it isn’t by default.
Talking toBleepingComputer, Coldwind says that thesecond bugthat he’s namedDraconian Fearis “more interesting than dangerous” since it requires quite a bit of legwork.
He’ll share details about the third vulnerability at the start of next week, on September, 13, 2021.
ViaBleepingComputer
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
Cisco issues patch to fix serious flaw allowing possible industrial systems takeover
Washington state court systems taken offline following cyberattack
Google TV will require more RAM for future upgrades – which might leave older TVs and streaming boxes behind
