CVE-2021-40867

Exploit

EPSS 0.12%
Veröffentlicht 13.09.2021 08:15:13
Zuletzt bearbeitet 21.11.2024 06:24:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin's machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ Gc108p Firmware Version < 1.0.8.2

Netgear ≫ Gc108p Version-

Netgear ≫ Gc108pp Firmware Version < 1.0.8.2

Netgear ≫ Gc108pp Version-

Netgear ≫ Gs108t Firmware Version < 7.0.7.2

Netgear ≫ Gs108tv3 Version-

Netgear ≫ Gs110tpp Firmware Version < 7.0.7.2

Netgear ≫ Gs110tpp Version-

Netgear ≫ Gs110tp Firmware Version < 7.0.7.2

Netgear ≫ Gs110tp Versionv3

Netgear ≫ Gs110tup Firmware Version < 1.0.5.3

Netgear ≫ Gs110tup Version-

Netgear ≫ Gs308t Firmware Version < 1.0.3.2

Netgear ≫ Gs308t Version-

Netgear ≫ Gs310tp Firmware Version < 1.0.3.2

Netgear ≫ Gs310tp Version-

Netgear ≫ Gs710tup Firmware Version < 1.0.5.3

Netgear ≫ Gs710tup Version-

Netgear ≫ Gs716tp Firmware Version < 1.0.4.2

Netgear ≫ Gs716tp Version-

Netgear ≫ Gs716tpp Firmware Version < 1.0.4.2

Netgear ≫ Gs716tpp Version-

Netgear ≫ Gs724tpp Firmware Version < 2.0.6.3

Netgear ≫ Gs724tpp Version-

Netgear ≫ Gs724tp Firmware Version < 2.0.6.3

Netgear ≫ Gs724tp Versionv2

Netgear ≫ Gs728tpp Firmware Version < 6.0.8.2

Netgear ≫ Gs728tpp Versionv2

Netgear ≫ Gs728tp Firmware Version < 6.0.8.2

Netgear ≫ Gs728tp Versionv2

Netgear ≫ Gs750e Firmware Version < 1.0.1.10

Netgear ≫ Gs750e Version-

Netgear ≫ Gs752tpp Firmware Version < 6.0.8.2

Netgear ≫ Gs752tpp Version-

Netgear ≫ Gs752tp Firmware Version < 6.0.8.2

Netgear ≫ Gs752tp Versionv2

Netgear ≫ Ms510txm Firmware Version < 1.0.4.2

Netgear ≫ Ms510txm Version-

Netgear ≫ Ms510txup Firmware Version < 1.0.4.2

Netgear ≫ Ms510txup Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.278

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.2	5.9	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.4	5.5	6.4	AV:A/AC:M/Au:N/C:P/I:P/A:P
cve@mitre.org	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145

Vendor Advisory

https://gynvael.coldwind.pl/?id=741

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-40867

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-40867

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-40867

EUVD