Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Unpatched Flaws in Netgear Business Switches Expose Organizations to Attacks

Security researchers have identified multiple vulnerabilities in ProSAFE Plus JGS516PE and GS116Ev2 business switches from Netgear, the most severe of which could allow a remote, unauthenticated attacker to execute arbitrary code.

Security researchers have identified multiple vulnerabilities in ProSAFE Plus JGS516PE and GS116Ev2 business switches from Netgear, the most severe of which could allow a remote, unauthenticated attacker to execute arbitrary code.

A total of 15 vulnerabilities affecting Netgear switches that use the ProSAFE Plus configuration utility were found to expose users to various risks, according to researchers with IT security firm NCC Group.

The most important of these bugs is CVE-2020-26919, an unauthenticated remote code execution flaw rated critical severity (CVSS score of 9.8).

Affecting firmware versions prior to 2.6.0.43, the bug is related to the internal management web application not implementing the correct access controls, which could allow attackers to bypass authentication and run code with the privileges of the administrator.

“Due to the ability of execute system commands through the ‘debug’ web sections, a successful exploitation of this vulnerability can lead to remote code execution on the affected device,” NCC Group notes.

The researchers also discovered that the Netgear Switch Discovery Protocol (NSDP), a network protocol functioning as a discovery method that also allows for switch management, fails to properly handle authentication packages, thus leading to authentication bypasses (CVE-2020-35231, CVSS score of 8.8).

An attacker able to exploit this vulnerability “could execute any management actions in the device, including wiping the configuration by executing a factory restoration,” the researchers say.

Advertisement. Scroll to continue reading.

NCC Group says that Netgear has informed them that the NSDP has reached end of life (EOL) and that none of the issues identified in it will be addressed. Users are advised to disable the remote management feature.

“Netgear reported that most of the vulnerabilities affecting the NSDP protocol were known due to end-of-life years ago and it is still enabled for legacy reasons, for customers who preferred to use Prosafe Plus. Furthermore, we were informed that, due to hardware limitations, it is not possible to implement many of the standard encryption protocols, such as those needed to implement HTTPS,” NCC Group notes.

The researchers also found issues with the firmware update mechanism on the vulnerable switches. One of them, CVE-2020-35220 (CVSS score of 8.3), could allow attackers to upload custom firmware files without administrative rights.

The second issue (CVE-2020-35232, CVSS score of 8.1) resides in the improper implementation of internal checks, which could allow attackers to craft firmware files that could “overwrite the entire memory with custom code.”

Other high-severity vulnerabilities in Netgear’s switches could lead to denial of service (CVE-2020-35224, CVSS score 8.1), or could allow an attacker to generate valid passwords (CVE-2020-35221, CVSS score 7.5) or perform requests using a single authenticated packet (CVE-2020-35229, CVSS score 7.5).

A stored XSS issue in language settings (CVE-2020-35228, CVSS score 7.2) could be abused to inject JavaScript code that would be executed on all webpages, while a buffer overflow (CVE-2020-35227, CVSS score 7.2) could be abused to cause a system reboot, among others.

Another vulnerability in the NSDP protocol, the researchers discovered, could be abused to retrieve the DHCP status without authentication, thus allowing remote users to configure the service, likely leading to denial of service (CVE-2020-35226, CVSS score 7.1).

The security researchers also identified a series of medium-severity flaws, such as unauthenticated access to switch configuration parameters (CVE-2020-35222), TFTP unexpected behavior (CVE-2020-35233), integer overflow instances (CVE-2020-35230), write command buffer overflows (CVE-2020-35225), and ineffective cross-site request forgery protections (CVE-2020-35223).

In December 2020, Netgear released firmware version 2.6.0.48, which includes patches for CVE-2020-35220, CVE-2020-35232, CVE-2020-35233, and other issues. The remaining issues won’t receive patches, the researchers say.

Related: NETGEAR Router, WD NAS Device Hacked on First Day of Pwn2Own Tokyo 2020

Related: Netgear Starts Patching Serious Vulnerabilities Affecting Tens of Products

Related: Senator Urges Vendors to Secure Networking Devices Amid COVID-19 Outbreak

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...