Critical Auth Bypass Flaw Hit NETGEAR Smart Switches — Patch and PoC Released

Netgear, a provider of networking, storage, and security solutions, has released updates to fix three security flaws in its smart switches that can be exploited by an attacker to take complete control of a vulnerable device. 

According to Coldwind, the flaws involve an authentication bypass, an authentication hijacking, and a third, yet-to-be-disclosed vulnerability that could allow an attacker to change the administrator password without knowing the previous password or hijack the session bootstrapping information, resulting in a complete device compromise.

Demon’s Cries (CVSS score: 9.8), Draconian Fear (CVSS score: 7.8), and Seventh Inferno (TBD) are the codenames for the three vulnerabilities.

To Read More: The Hacker News
