NETGEAR Router Operating System Software Vulnerability

Mirza Silajdzic
Mirza Silajdzic
By: Mirza Silajdzic Reading time: 2 minutes
Photo of NETGEAR Building
© Michael Vi/Shutterstock.com

Software vulnerabilities, also known by the IT cybersecurity community as bugs, security flaws, errors in code, and software weaknesses have been in the spotlight recently. In fact, software weaknesses, in general, have been a hot topic in 2021, in addition to ransomware. Corporate software exploits are popular amongst cybercriminals, as there is more profit to be had this way.

When it comes to network equipment and enterprise gear, given that they are the first defense wall between incoming network traffic and the operating system, it is crucial to patch any vulnerabilities as quickly as possible to avoid any exploits leading to malicious actors breaking in. Especially because a lot of machines can be linked to this hardware equipment, security issues put them and the users at direct risk of malicious actors.

About NETGEAR

NETGEAR is a multi-billion dollar computer networking company established in 1996, that operates multi-nationally. NETGEAR’s products and solutions are sold in an estimated 24,000 retail locations worldwide. The company produces widely used networking equipment such as; switches, routers, gateways, wireless access points, surveillance, and NAS (Network Attached Storage) products.

The NETGEAR Router Series Operating System Software Vulnerability

Both the public CVE (Common Exposures and Vulnerabilities) software vulnerability database as well as private sources have reported a software vulnerability issue with the NETGEAR ‘Smart Switches’. The vulnerability was marked as critical. The issue affects several versions of the NETGEAR router operating system (OS.) The issue portrays weak authentication in unpatched software. In addition, a remote attack can easily be launched by a malicious actor due to the authentication weaknesses and issues with unknown functionality of the HTTP Authentication Handler component. These issues impact confidentiality, integrity, and availability.

Technical Details

The vulnerability type was reported as an improper authentication issue affecting HTTP authentication. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available at the moment.

Vulnerable Software Devices

The following NETGEAR routers are vulnerable (if an unpatched OS is present) to the above critical vulnerability; Netgear GC108P, GC108PP, GS108Tv3, GS110TPP, GS110TPv3, GS110TUP, GS308T, GS310TP, GS710TUP, GS716TP, GS716TPP, GS724TPP, GS724TPv2, GS728TPPv2, GS728TPv2, GS750E, GS752TPP, GS752TPv2, MS510TXM, and MS510TXUP.

Important User Information

Users need to know that a fix has been released in the meantime. The fix can be found in NETGEAR’s Security Advisory section.

Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.
More recent news about Cybersecurity
Leave a comment
Leave a comment