what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Netgear ProSafe Disclosure / Denial Of Service

Netgear ProSafe Disclosure / Denial Of Service
Posted Aug 22, 2013
Authored by Juan J. Guelfo | Site encripto.no

Netgear ProSafe switches suffer from denial of service and unauthenticated startup-config disclosure vulnerabilities.

tags | advisory, denial of service, vulnerability, info disclosure
advisories | CVE-2013-4775, CVE-2013-4776
SHA-256 | 43a3756b84b1b4f09e895b7cb2632952e0c09b238a17722bd1a812fdfc156a09

Netgear ProSafe Disclosure / Denial Of Service

Change Mirror Download
1. BACKGROUND

According to the vendor, Netgear ProSafe is a cost-effective line of smart switches for Small and Medium Businesses (SMBs). The products cover an essential set of network features and easy-to-use web-based management. Power over Ethernet (PoE) and Stacking versions are also available.


2. SUMMARY

A range of ProSafe switches are affected by two different vulnerabilities:
CVE-2013-4775: Unauthenticated startup-config disclosure.
CVE-2013-4776: Denial of Service vulnerability.


3. AFFECTED PRODUCTS AND SOFTWARE

CVE-2013-4775

GS724Tv3 and GS716Tv2 - firmware 5.4.1.13
GS724Tv3 and GS716Tv2 - firmware 5.4.1.10
GS748Tv4 - firmware 5.4.1.14
GS510TP - firmware 5.4.0.6
GS752TPS and GS728TPS - firmware 5.3.0.17
GS728TS and GS725TS - firmware 5.3.0.17
GS752TXS and GS728TXS - firmware 6.1.0.12


CVE-2013-4776

GS724Tv3 and GS716Tv2 - firmware 5.4.1.13
GS724Tv3 and GS716Tv2 - firmware 5.4.1.10
GS748Tv4 - firmware 5.4.1.14
GS510TP - firmware 5.0.4.4


4. VULNERABILITIES

The list below describes the vulnerabilities discovered in the affected software.


4.1 CVE-2013-4775: Unauthenticated startup-config disclosure

The web management application fails to restrict URL access to different application areas.
Remote, unauthenticated attackers could exploit this issue to download the device’s startup-config,
which contains administrator credentials in encrypted form.

[Proof of Concept]
The vulnerability can be exploited with a simple HTTP (GET) request.
Open a browser and visit http://Target-IP/filesystem/startup-config


4.2 CVE-2013-4776: Denial of Service vulnerability

The affected products are prone to a Denial of Service vulnerability. Remote, unauthenticated
attackers could exploit this issue to cause a switch reboot or crash, resulting in a loss of
network connectivity for all devices connected to the switch.

[Proof of Concept]
The vulnerability can be exploited with a simple HTTP (GET) request.
Open a browser and visit http://Target-IP/filesystem/


Implementation of a Proof of Concept for both vulnerabilities can be found here:
http://www.encripto.no/tools/netgear-prosafe-PoC.tar.gz


5. REMEDIATION

No firmware updates or fixes have been released yet.
As a mitigation, the vendor recommends configuring a separate management VLAN and configure
access control via “Security::Access::Access Control” or “Security::ACL::Advanced::IP Extended Rules”.


6. CREDIT

The vulnerabilities were originally discovered in a GS724Tv3 device, by Juan J. G├╝elfo at Encripto AS.
E-mail: post [at] encripto [dot] no
Web: http://www.encripto.no


Special thanks to Maarten Hoogcarspel and the Netgear Support Team for verifying other switch
models, and considering possible fixes.

For more information about Encripto’s research policy, please visit http://www.encripto.no/forskning/


7. REFERENCES

http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2013.pdf
http://www.encripto.no/tools/netgear-prosafe-PoC.tar.gz


DISCLAIMER

The material presented in this document is for educational purposes only. Encripto AS cannot be
responsible for any loss or damage carried out by any technique presented in this material. The reader is
the only one responsible for applying this knowledge, which is at his / her own risk.
Any of the trademarks, service marks, collective marks, design rights, personality rights or similar rights
that are mentioned, used or cited in this document is property of their respective owners.
Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    3 Files
  • 27
    Sep 27th
    13 Files
  • 28
    Sep 28th
    5 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close