Custodianship researchers have identified multiple vulnerabilities in ProSAFE Plus JGS516PE and GS116Ev2 calling switches from Netgear, the most severe of which could make allowance a remote, unauthenticated attacker to execute arbitrary code.
A total of 15 vulnerabilities affecting Netgear trades that use the ProSAFE Plus configuration utility were found to imperil users to various risks, according to researchers with IT security business NCC Group.
The most important of these bugs is CVE-2020-26919, an unauthenticated distant code execution flaw rated critical severity (CVSS be successful of 9.8).
Affecting firmware versions prior to 2.6.0.43, the bug is related to the internal directors web application not implementing the correct access controls, which could grant attackers to bypass authentication and run code with the privileges of the administrator.
“Due to the talents of execute system commands through the ‘debug’ web sections, a successful exploitation of this vulnerability can main to remote code execution on the affected device,” NCC Group notes.
The researchers also discovered that the Netgear Thrash Discovery Protocol (NSDP), a network protocol functioning as a discovery method that also gives for switch management, fails to properly handle authentication packages, that being the case leading to authentication bypasses (CVE-2020-35231, CVSS multitudes of 8.8).
An attacker able to exploit this vulnerability “could execute any top brass actions in the device, including wiping the configuration by executing a factory restoration,” the researchers say.
NCC Agglomeration says that Netgear has informed them that the NSDP has reached end of soul (EOL) and that none of the issues identified in it will be addressed. Users are told to disable the remote management feature.
“Netgear reported that most of the vulnerabilities troubling the NSDP protocol were known due to end-of-life years ago and it is still green lighted for legacy reasons, for customers who preferred to use Prosafe Plus. Furthermore, we were briefed that, due to hardware limitations, it is not possible to implement many of the standard encryption outlines, such as those needed to implement HTTPS,” NCC Group notes.
The researchers also bring about issues with the firmware update mechanism on the vulnerable switches. One of them, CVE-2020-35220 (CVSS a dose of his of 8.3), could allow attackers to upload custom firmware folders without administrative rights.
The second issue (CVE-2020-35232, CVSS get even of 8.1) resides in the improper implementation of internal checks, which could deduct attackers to craft firmware files that could “overwrite the complete memory with custom code.”
Other high-severity vulnerabilities in Netgear’s whips could lead to denial of service (CVE-2020-35224, CVSS hosts 8.1), or could allow an attacker to generate valid passwords (CVE-2020-35221, CVSS situation 7.5) or perform requests using a single authenticated packet (CVE-2020-35229, CVSS crowds 7.5).
A stored XSS issue in language settings (CVE-2020-35228, CVSS reckon for 7.2) could be abused to inject JavaScript code that intent be executed on all webpages, while a buffer overflow (CVE-2020-35227, CVSS vocal score 7.2) could be abused to cause a system reboot, among others.
Another vulnerability in the NSDP conduct, the researchers discovered, could be abused to retrieve the DHCP status without authentication, that reason allowing remote users to configure the service, likely leading to rejection of service (CVE-2020-35226, CVSS score 7.1).
The security researchers also pinpointed a series of medium-severity flaws, such as unauthenticated access to switch configuration parameters (CVE-2020-35222), TFTP unexpected behavior (CVE-2020-35233), integer overflow occurrences (CVE-2020-35230), write command buffer overflows (CVE-2020-35225), and non-functioning cross-site request forgery protections (CVE-2020-35223).
In December 2020, Netgear emancipated firmware version 2.6.0.48, which includes patches for CVE-2020-35220, CVE-2020-35232, CVE-2020-35233, and other printings. The remaining issues won’t receive patches, the researchers say.
Related: NETGEAR Router, WD NAS Machine Hacked on First Day of Pwn2Own Tokyo 2020
Related: Netgear Starts Patching Urgent Vulnerabilities Affecting Tens of Products
Related: Senator Urges Vendors to Get hold of Networking Devices Amid COVID-19 Outbreak
[embedded content]
Ionut Arghire is an universal correspondent for SecurityWeek.
Tags: 
