Researchers provided technical details about a recently addressed critical vulnerability, dubbed Seventh Inferno, in Netgear smart switches that could be exploited by an attacker to potentially execute malicious code and take control of the affected devices.
The Seventh Inferno vulnerability received a CVSS score of 9.8, it was spotted with other two bugs, respectively tracked as Demon’s Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8).
The flaws were discovered by Google security engineer Gynvael Coldwind, Netgear addressed then early this month.
The flaws, tracked by the networking device vendor PSV-2021-0140, PSV-2021-0144, and PSV-2021-0145, impact the following models:
Netgear has released security patches to fix them on September 3.
“NETGEAR just patched 3 reported vulnerabilities (Demon’s Cries, Draconian Fear and Seventh Inferno) in some managed (smart) switches. If you or your company owns any of these devices, please patch now.” Coldwind explained.
“P.S. This vulnerability [Seventh Inferno] and exploit chain is actually quite interesting technically. In short, it goes from a newline injection in the password field, through being able to write a file with constant uncontrolled content of 2 (like, one byte 32h), through a DoS and session crafting (which yields an admin web UI user), to an eventual post-auth shell injection (which yields full root).”
The expert also released the PoC for this vulnerability, the code first reboots the switch, then fakes a new session and exploits the post-auth RCE.
NETGEAR urge its customers using the following products to download the latest firmware:
(SecurityAffairs – hacking, Netgear)