# Multiple Vulnerabilities - Netgear GS105Ev2 ## Product Vendor: Netgear Model: GS105Ev2 Firmware version: 1.3.0.3,1.4.0.2 Reference: http://ift.tt/1SjFEgJ Netgear GS105Ev2 is a Gigabit switch with 5 ports targeting SMBs. The switch can be configured by a web application and a netgear configuration utility. The netgear configuration utility uses a proprietary protocol - the so-called Netgear Switch Discovery Protocol (NSDP) - to manage and configure switches. The configuration is protected by a password. ## Status/Metrics/Identifier Status: unfixed CVSS v2 Vector: (AV:A/AC:L/Au:N/C:C/I:C/A:C) CVSS Score: 8.3 CVE-ID: n/A The highest risk is represented by the authentication bypass. This is reflected by the score. ## Author/Credits Benedikt Westermann (TÜV Rheinland i-sec GmbH) ## Authentication bypass in NSDP The implementation of the NSDP on the GS105Ev2 (and possibly also other switches) is flawed. An attacker with access to the broadcast domain of the switch can bypass the authentication process. This allows the attacker to gain full control of the switch, i.e., he can modify a particular configuration or flash another firmware to the the switch. ### Detailed Description of the Vulnerability The NSDP is a simple stateless protocol. It consists of a header, a trailer, and a body consisting of an array of type-length-value triplets. The general structure is depicted below.
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment