Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches


Multiple vulnerabilities were found in Netgear ProSafe Plus JGS516PE switches that may pose a serious risk to their users. The most critical vulnerability could allow unauthenticated users to gain arbitrary code execution.


The following were the most relevant vulnerabilities identified during the internal research:


Netgear reported that most of the vulnerabilities affecting the NSDP protocol were already known, since the protocol reached end of life years ago; it remains enabled for legacy reasons, for customers who prefer to keep using ProSafe Plus. Furthermore, we were informed that, due to hardware limitations, it is not possible to implement many of the standard encryption protocols, such as those needed for HTTPS.


Technical Advisories:

Vendor: Netgear Inc.
Vendor URL: https://www.netgear.com/
Versions affected: prior to 2.6.0.43
Systems Affected: Netgear ProSAFE Plus JGS516PE / GS116Ev2
Author: Manuel Ginés Rodríguez - manuel.gines[at]nccgroup[dot]com
CVE Identifier: CVE-2020-26919
Advisory URL: https://kb.netgear.com/000062334/Security-Advisory-for-Missing-Function-Level-Access-Control-on-JGS516PE-PSV-2020-0377
Severity: 9.8 (Critical) - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary


The switch internal management web application in firmware versions prior to 2.6.0.43 failed to correctly implement access controls in one of its endpoints, allowing unauthenticated attackers to bypass authentication and execute actions with administrator privileges.


Impact


Because system commands can be executed through the “debug” web sections, successful exploitation of this vulnerability can lead to remote code execution on the affected device.


Details


It was found that every section of the web application could be used as a valid endpoint for POST requests, with the action to perform defined by the submitId argument rather than by the page that received the request.
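The design flaw behind this class of bug is easiest to see side by side: an access check keyed on the page path, while the action actually executed is chosen by a body parameter. The following model is an added example written for this advisory, not Netgear's firmware code; the action names (`debug_exec`, `save_config`), the role names and the page names other than login.html are hypothetical.

```python
# Added illustration (not the vendor's code): a minimal model of a management
# web app in which the action performed is selected by the "submitId" POST
# parameter. Action identifiers, roles and page names besides login.html are
# constructed for this example.

from dataclasses import dataclass, field
from typing import Dict, Optional

# Hypothetical action table: submitId value -> privilege the action requires.
# "debug_exec" stands in for the privileged debug functionality the advisory
# refers to; the identifiers are constructed, not taken from the device.
ACTIONS: Dict[str, str] = {
    "login": "anonymous",
    "debug_exec": "admin",
    "save_config": "admin",
}

# Pages reachable without a session (login.html is the one named on the page).
PUBLIC_PAGES = {"login.html"}


@dataclass
class Request:
    path: str                               # page the POST was sent to
    form: Dict[str, str] = field(default_factory=dict)  # decoded POST body
    session_role: Optional[str] = None      # None when unauthenticated


def dispatch_page_based(req: Request) -> str:
    """Flawed design: authorisation keyed on the page path.

    Since every page accepts POSTs and the action comes from submitId, a
    privileged submitId sent to a public page is executed without a session.
    """
    if req.path not in PUBLIC_PAGES and req.session_role != "admin":
        return "denied"
    action = req.form.get("submitId", "")
    if action not in ACTIONS:
        return "unknown action"
    return f"executed {action}"


def dispatch_action_based(req: Request) -> str:
    """Hardened design: authorisation decided by the requested action.

    The required privilege is looked up from the action itself, regardless of
    which page received the form, and unknown actions are denied by default.
    """
    action = req.form.get("submitId", "")
    required = ACTIONS.get(action)
    if required is None:
        return "unknown action"
    if required != "anonymous" and req.session_role != required:
        return "denied"
    return f"executed {action}"


if __name__ == "__main__":
    # Constructed request: unauthenticated POST to the public page carrying a
    # privileged submitId. The page-based check lets it through; the
    # action-based check rejects it.
    probe = Request("login.html", {"submitId": "debug_exec"})
    print("page-based  :", dispatch_page_based(probe))
    print("action-based:", dispatch_action_based(probe))
```

The fix that matters is the second dispatcher's lookup order: decide what privilege the action needs before looking at anything else about the request, and treat an action that is not in the table as a denial rather than a fall-through.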


The problem was located in the login.html webpage, that h ..
