Hard-Coded Credentials Leave Netgear Switches Susceptible to Arbitrary Code Execution

A vulnerability found in Netgear ethernet switches could give an attacker full access to connected hardware along with the ability to log into the device and execute arbitrary code.

Netgear’s GS108PE Prosafe Plus ethernet switches running firmware version 1.2.0.5 are at risk of arbitrary code execution, according to an analyst at CERT/CC’s Vulnerability Notes Database as of late last week. These switches contain hard-coded login credentials that could allow attackers to attack the firmware from a remote location and gain access to the connected hardware.

Default credentials hard-coded into the switches can be used to authenticate to any web server running on the device and give attackers a trove of exploit points, according to Chris King, vulnerability analyst at CERT/CC.

Once inside the system, attackers can alter the device serial number and media access control (MAC) address, along with setting memory to a certain value to extract that value. The vulnerability also allows attackers to upload new firmware via the bootcode_update common gateway interface (CGI).

While the vulnerability has now been publicly disclosed by Marc Olivier Chouinard, a programmer at the Canadian telecommunication firm MocTel, it may be a lasting issue. According to a Netgear.com FAQ from 2010, many Netgear devices, including the GS108PE, used to have the default password.

A study last summer found that thousands of devices hooked up to the internet used default login credentials, making them susceptible to attackers willing to analyze them.

Plug-and-play ethernet switches such as Netgear’s are primarily used by small and medium-sized businesses to loop network traffic, VoIP phones, and cameras through to their main infrastructure.

The security of these devices is critical, especially when the switches are used in the networking or telecom industry, as malware can seek out firmware running the default credentials and attack it.

No solution or workaround has currently been found, and CERT/CC stated that it is unaware of any practical solution to the problem. CERT/CC also contacted Netgear last Thursday and had received no immediate response by Monday.

About Author

Brandon Stosh is the founder and CEO of www.freedomhacker.net. Stosh is a cyber security researcher and professional consultant who strives to provide reliable news on cyber-security based topics.
