Netgear GS108PE Switches contain hard-coded login credentials

Pierluigi Paganini July 08, 2014

A vulnerability analyst at CERT/CC reported a security issue in Netgear GS108PE Prosafe Plus Switch which contains hard-coded login credentials.

The CERT/CC has recently issued an alert for the presence of hard-coded login credentials in the Netgear GS108PE Prosafe Plus Switch (Vulnerability Note VU#143740).

An attacker could exploit the security issue in the Netgear GS108PE Prosafe Plus Switch to gain a remote access to the device, a bad actor could have full access to the hardware, including the ability to execute arbitrary code.

In reality the vulnerability is not new, the security issue has been known to the security community since 2010 as reported in the FAQ on Netgear.com, many of Netgear network devices have a default password.

According to an analyst at CERT/CC’s Vulnerability Notes Database, the Netgear’s GS108PE Prosafe Plus switches running version 1.2.0.5 are vulnerable to cyber attacks due to the presence of hard-coded log-in credentials in their firmware.

Netgear GS108PE 1

An attacker can also modify the serial number and MAC address of any vulnerable Netgear GS108PE device, it is also possible to set memory to a certain value and extract that value.

“Netgear GS108PE Prosafe Plus Switch contains hard-coded login credentials that can be used for authenticating to the web server running on the device. The username is ntgruser and the password is debugpassword. Once authenticated, the web server provides access to:

produce_burn.cgi : Modify the serial number and MAC address of the product
register_debug.cgi : Allow the user to manually set memory to a certain value and extract that value from it
bootcode_update.cgi : Allow the user to upload new firmware.” state the security advisory issued by Chris King, a vulnerability analyst at CERT/CC.

Last summer an Australian researcher with access to the data collected by the Carna botnet, also known as the Internet Census 2012, discovered thousands of devices exposed on the Internet vulnerable to cyber attacks due to wrong configuration, such as the use default login credentials.

Many of the inspected devices, like Netgear network appliances, belong to home users or small- and medium-sized businesses, their security is important, but the greatest concern is related to security of devices such as the Netgear GS108PE switches used in telecom and critical infrastructure.

Security experts are aware of the existence of malware that scan the internet searching for vulnerable devices to infect, and firmware running with default logins and passwords are a privileged target for bad actors.

The bad news in the case of Netgear GS108PE switch is that CERT/CC is currently unaware of a practical solution to this problem.

Pierluigi Paganini

(Security Affairs –  Netgear GS108PE, hacking)



you might also like

leave a comment