Unrated severity · NVD Advisory · Published Apr 28, 2020 · Updated Aug 5, 2024

CVE-2017-18862


Description

Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before 2017-05-11, GS116Ev2 before 2017-05-11, GSS108E before 2017-05-11, GSS116E before 2017-05-11, XS708Ev2 before 2017-05-11, and XS716E before 2017-05-11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authentication bypass in multiple NETGEAR ProSAFE Web Managed Switches allows local attackers to gain access to configuration files and passwords.

Vulnerability

An authentication bypass vulnerability affects multiple NETGEAR Web Managed Switch models, including JGS516PE, JGS524Ev2, JGS524PE, GS105Ev2, GS105PE, GS108Ev3, GS108PEv3, GS116Ev2, GSS108E, GSS116E, XS708Ev2, and XS716E [1]. The issue is present in firmware versions before 2017-05-11. The vulnerability allows an attacker on the same subnet as the switch to bypass authentication and access the device's configuration file and password [1].

Exploitation

An attacker must be on the same subnet as the affected switch [1]. No authentication is required to trigger the vulnerability. The attacker sends crafted traffic to the switch, bypassing the authentication mechanism and gaining unauthorized access to the device's web interface and underlying configuration data [1].

Impact

Successful exploitation grants the attacker read access to the configuration file and password of the switch [1]. This can lead to compromise of network device credentials and potentially wider network infiltration. The attacker does not gain administrative privileges on the switch itself, but the disclosure of configuration data and passwords can be leveraged for further attacks.

Mitigation

NETGEAR has released firmware fixes for all affected products prior to May 11, 2017 [1]. Users should update to the latest firmware version available from the NETGEAR Download Center [1]. No workarounds are provided; the only mitigation is to apply the firmware update. This vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


References

1
