
Netgear GS108PE Switches contain hard-coded login credentials


A vulnerability analyst at CERT/CC reported a security issue in Netgear GS108PE Prosafe Plus Switch which contains hard-coded login credentials.

The CERT/CC has recently issued an alert for the presence of hard-coded login credentials in the Netgear GS108PE Prosafe Plus Switch (Vulnerability Note VU#143740).

An attacker could exploit the security issue in the Netgear GS108PE Prosafe Plus Switch to gain remote access to the device and obtain full access to the hardware, including the ability to execute arbitrary code.

In reality the vulnerability is not new: the security issue has been known to the security community since 2010, as reported in the FAQ on Netgear.com, and many Netgear network devices have a default password.

According to an analyst writing in CERT/CC's Vulnerability Notes Database, Netgear's GS108PE Prosafe Plus switches running version 1.2.0.5 are vulnerable to cyber attacks due to the presence of hard-coded login credentials in their firmware.

An attacker can also modify the serial number and MAC address of any vulnerable Netgear GS108PE device. It is also possible to set memory to a certain value and extract that value.

“Netgear GS108PE Prosafe Plus Switch contains hard-coded login credentials that can be used for authenticating to the web server running on the device. The username is ntgruser and the password is debugpassword. Once authenticated, the web server provides access to:

produce_burn.cgi : Modify the serial number and MAC address of the product
register_debug.cgi : Allow the user to manually set memory to a certain value and extract that value from it
bootcode_update.cgi : Allow the user to upload new firmware.” states the security advisory issued by Chris King, a vulnerability analyst at CERT/CC.

Last summer an Australian researcher with access to the data collected by the Carna botnet, also known as the Internet Census 2012, discovered thousands of devices exposed on the Internet and vulnerable to cyber attacks due to wrong configuration, such as the use of default login credentials.

Many of the inspected devices, like Netgear network appliances, belong to home users or small- and medium-sized businesses. Their security is important, but the greatest concern is related to the security of devices such as the Netgear GS108PE switches used in telecom and critical infrastructure.

Security experts are aware of the existence of malware that scans the Internet searching for vulnerable devices to infect, and firmware running with default logins and passwords is a privileged target for bad actors.

The bad news in the case of the Netgear GS108PE switch is that CERT/CC is currently unaware of a practical solution to this problem.
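
With no fix available, one way to monitor for use of the debug interface is to flag any request to the three CGI endpoints named in the advisory on the switches' management addresses. The following is an added example, not code from CERT/CC, Netgear or the original article; the log format, IP addresses and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Debug endpoints named in VU#143740 and what each one allows (per the advisory).
DEBUG_ENDPOINTS = {
    "produce_burn.cgi": "serial number / MAC address change",
    "register_debug.cgi": "memory write and read-back",
    "bootcode_update.cgi": "firmware upload",
}

# Assumed (constructed) log format: "<timestamp> <src_ip> <dst_ip> <method> <path> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+(?P<status>\d{3})$"
)

# Constructed sample lines; addresses are private or documentation ranges.
SAMPLE_LOG = [
    "2024-01-01T09:12:01Z 192.168.10.50 192.168.10.2 GET /index.htm 200",
    "2024-01-01T09:15:44Z 203.0.113.7 192.168.10.2 GET /Register_Debug.cgi 200",
    "2024-01-01T09:16:02Z 203.0.113.7 192.168.10.2 POST /bootcode_update.cgi?x 200",
    "2024-01-01T09:20:10Z 192.168.10.50 192.168.10.9 GET /produce_burn.cgi 404",
    "malformed line",
]

def find_debug_access(lines, switch_ips):
    """Return {switch_ip: [(ts, src, endpoint, impact, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dst"] not in switch_ips:
            continue  # unparsable line, or traffic to a host we do not track
        # Drop the query string, keep the last path component, ignore case.
        leaf = m["path"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if leaf in DEBUG_ENDPOINTS:
            hits[m["dst"]].append(
                (m["ts"], m["src"], leaf, DEBUG_ENDPOINTS[leaf], int(m["status"]))
            )
    return dict(hits)

if __name__ == "__main__":
    for switch, events in find_debug_access(SAMPLE_LOG, {"192.168.10.2"}).items():
        for ts, src, endpoint, impact, status in events:
            print(f"{ts} {switch}: {src} requested {endpoint} ({impact}), HTTP {status}")
```
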

Pierluigi Paganini

(Security Affairs –  Netgear GS108PE, hacking)