PT-2021-23269 · NetGear · Gs110Tpv3+16

Gynvael Coldwind

Published

2021-09-16

Updated

2022-07-12

CVE-2021-41314

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GC108P versions prior to 1.0.8.2 GC108PP versions prior to 1.0.8.2 GS108Tv3 versions prior to 7.0.7.2 GS110TPP versions prior to 7.0.7.2 GS110TPv3 versions prior to 7.0.7.2 GS110TUP versions prior to 1.0.5.3 GS308T versions prior to 1.0.3.2 GS310TP versions prior to 1.0.3.2 GS710TUP versions prior to 1.0.5.3 GS716TP versions prior to 1.0.4.2 GS716TPP versions prior to 1.0.4.2 GS724TPP versions prior to 2.0.6.3 GS724TPv2 versions prior to 2.0.6.3 GS728TPPv2 versions prior to 6.0.8.2 GS728TPv2 versions prior to 6.0.8.2 GS750E versions prior to 1.0.1.10 GS752TPP versions prior to 6.0.8.2 GS752TPv2 versions prior to 6.0.8.2 MS510TXM versions prior to 1.0.4.2 MS510TXUP versions prior to 1.0.4.2

Description The issue is related to a injection in the web UI's password field, which, due to several faulty aspects of the authentication scheme, allows an attacker to create or overwrite a file with specific content, such as the "2" string. This leads to admin session crafting, resulting in an unauthenticated attacker gaining full web UI admin privileges.

Recommendations For GC108P versions prior to 1.0.8.2, update to version 1.0.8.2 or later. For GC108PP versions prior to 1.0.8.2, update to version 1.0.8.2 or later. For GS108Tv3 versions prior to 7.0.7.2, update to version 7.0.7.2 or later. For GS110TPP versions prior to 7.0.7.2, update to version 7.0.7.2 or later. For GS110TPv3 versions prior to 7.0.7.2, update to version 7.0.7.2 or later. For GS110TUP versions prior to 1.0.5.3, update to version 1.0.5.3 or later. For GS308T versions prior to 1.0.3.2, update to version 1.0.3.2 or later. For GS310TP versions prior to 1.0.3.2, update to version 1.0.3.2 or later. For GS710TUP versions prior to 1.0.5.3, update to version 1.0.5.3 or later. For GS716TP versions prior to 1.0.4.2, update to version 1.0.4.2 or later. For GS716TPP versions prior to 1.0.4.2, update to version 1.0.4.2 or later. For GS724TPP versions prior to 2.0.6.3, update to version 2.0.6.3 or later. For GS724TPv2 versions prior to 2.0.6.3, update to version 2.0.6.3 or later. For GS728TPPv2 versions prior to 6.0.8.2, update to version 6.0.8.2 or later. For GS728TPv2 versions prior to 6.0.8.2, update to version 6.0.8.2 or later. For GS750E versions prior to 1.0.1.10, update to version 1.0.1.10 or later. For GS752TPP versions prior to 6.0.8.2, update to version 6.0.8.2 or later. For GS752TPv2 versions prior to 6.0.8.2, update to version 6.0.8.2 or later. For MS510TXM versions prior to 1.0.4.2, update to version 1.0.4.2 or later. For MS510TXUP versions prior to 1.0.4.2, update to version 1.0.4.2 or later.

Exploit

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CVE-2021-41314

Affected Products

Gc108Pp

Gs108Tv3

Gs110Tpp

Gs110Tpv3

Gs110Tup

Gs308T

Gs310Tp

Gs710Tup

Gs716Tp

Gs724Tpp

Gs724Tpv2

Gs728Tppv2

Gs750E

Gs752Tpp

Gs752Tpv2

Ms510Txm

Ms510Txup

PT-2021-23269 · NetGear · Gs110Tpv3+16

CVE-2021-41314

Weakness Enumeration

Related Identifiers

Affected Products

References · 6