Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released

From thehackernews.com


New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices.

The flaw, dubbed “Seventh Inferno” (CVSS score: 9.8), is part of a trio of security weaknesses, along with Demon’s Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8), that Google security engineer Gynvael Coldwind reported to the networking, storage, and security solutions provider.

The disclosure comes weeks after Netgear released patches to address the vulnerabilities earlier this month, on September 3.

Successful exploitation of Demon’s Cries and Draconian Fear could grant a malicious party the ability to change the administrator password without actually having to know the previous password, or to hijack the session bootstrapping information, resulting in a full compromise of the device.
