PT-2021-22993 · NetGear · Netgear Gs110Tpp+15
Gynvael Coldwind · Published 2021-09-13 · Updated 2023-08-08 · CVE-2021-40866
CVSS v3.1: 9.8 (Critical)
Vector: AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N
Name of the Vulnerable Software and Affected Versions
NETGEAR GC108P versions prior to 1.0.8.2
NETGEAR GC108PP versions prior to 1.0.8.2
NETGEAR GS108Tv3 versions prior to 7.0.7.2
NETGEAR GS110TPP versions prior to 7.0.7.2
NETGEAR GS110TPv3 versions prior to 7.0.7.2
NETGEAR GS110TUP versions prior to 1.0.5.3
NETGEAR GS308T versions prior to 1.0.3.2
NETGEAR GS310TP versions prior to 1.0.3.2
NETGEAR GS710TUP versions prior to 1.0.5.3
NETGEAR GS716TP versions prior to 1.0.4.2
NETGEAR GS716TPP versions prior to 1.0.4.2
NETGEAR GS724TPP versions prior to 2.0.6.3
NETGEAR GS724TPv2 versions prior to 2.0.6.3
NETGEAR GS728TPPv2 versions prior to 6.0.8.2
NETGEAR GS728TPv2 versions prior to 6.0.8.2
NETGEAR GS750E versions prior to 1.0.1.10
NETGEAR GS752TPP versions prior to 6.0.8.2
NETGEAR GS752TPv2 versions prior to 6.0.8.2
NETGEAR MS510TXM versions prior to 1.0.4.2
NETGEAR MS510TXUP versions prior to 1.0.4.2
Description
The issue allows an unauthenticated attacker to change the admin password remotely via the /sqfs/bin/sccd daemon. This daemon fails to check authentication when the authentication TLV is missing from a received NSDP packet. The /sqfs/bin/sccd daemon is disabled by default.
Recommendations
Update NETGEAR GC108P to version 1.0.8.2 or later.
Update NETGEAR GC108PP to version 1.0.8.2 or later.
Update NETGEAR GS108Tv3 to version 7.0.7.2 or later.
Update NETGEAR GS110TPP to version 7.0.7.2 or later.
Update NETGEAR GS110TPv3 to version 7.0.7.2 or later.
Update NETGEAR GS110TUP to version 1.0.5.3 or later.
Update NETGEAR GS308T to version 1.0.3.2 or later.
Update NETGEAR GS310TP to version 1.0.3.2 or later.
Update NETGEAR GS710TUP to version 1.0.5.3 or later.
Update NETGEAR GS716TP to version 1.0.4.2 or later.
Update NETGEAR GS716TPP to version 1.0.4.2 or later.
Update NETGEAR GS724TPP to version 2.0.6.3 or later.
Update NETGEAR GS724TPv2 to version 2.0.6.3 or later.
Update NETGEAR GS728TPPv2 to version 6.0.8.2 or later.
Update NETGEAR GS728TPv2 to version 6.0.8.2 or later.
Update NETGEAR GS750E to version 1.0.1.10 or later.
Update NETGEAR GS752TPP to version 6.0.8.2 or later.
Update NETGEAR GS752TPv2 to version 6.0.8.2 or later.
Update NETGEAR MS510TXM to version 1.0.4.2 or later.
Update NETGEAR MS510TXUP to version 1.0.4.2 or later.
Affected Products
Netgear Gc108P
Netgear Gs108Tv3
Netgear Gs110Tpp
Netgear Gs110Tpv3
Netgear Gs308T
Netgear Gs310Tp
Netgear Gs710Tup
Netgear Gs716Tp
Netgear Gs724Tpp
Netgear Gs724Tpv2
Netgear Gs728Tpv2
Netgear Gs750E
Netgear Gs752Tpp
Netgear Gs752Tpv2
Netgear Ms510Txm
Netgear Ms510Txup