PT-2021-5337 · NetGear · Gs728Tppv2+16

Gynvael Coldwind · Published 2021-09-03 · Updated 2023-08-08 · CVE-2021-40867

CVSS v3.1: 7.8 High

Vector: AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R

Name of the Vulnerable Software and Affected Versions

NETGEAR GC108P versions prior to 1.0.8.2
NETGEAR GC108PP versions prior to 1.0.8.2
NETGEAR GS108Tv3 versions prior to 7.0.7.2
NETGEAR GS110TPP versions prior to 7.0.7.2
NETGEAR GS110TPv3 versions prior to 7.0.7.2
NETGEAR GS110TUP versions prior to 1.0.5.3
NETGEAR GS308T versions prior to 1.0.3.2
NETGEAR GS310TP versions prior to 1.0.3.2
NETGEAR GS710TUP versions prior to 1.0.5.3
NETGEAR GS716TP versions prior to 1.0.4.2
NETGEAR GS716TPP versions prior to 1.0.4.2
NETGEAR GS724TPP versions prior to 2.0.6.3
NETGEAR GS724TPv2 versions prior to 2.0.6.3
NETGEAR GS728TPPv2 versions prior to 6.0.8.2
NETGEAR GS728TPv2 versions prior to 6.0.8.2
NETGEAR GS750E versions prior to 1.0.1.10
NETGEAR GS752TPP versions prior to 6.0.8.2
NETGEAR GS752TPv2 versions prior to 6.0.8.2
NETGEAR MS510TXM versions prior to 1.0.4.2
NETGEAR MS510TXUP versions prior to 1.0.4.2

Description

The issue is caused by an authentication hijacking race-condition vulnerability that allows an unauthenticated attacker to exploit the multi-step HTTP authentication process, which is tied only to the source IP address. This can be exploited by an attacker using the same source IP address as an admin, such as when behind the same NAT device or already having a foothold on an admin's machine. The vulnerability may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For NETGEAR GC108P versions prior to 1.0.8.2, update to version 1.0.8.2 or later.
For NETGEAR GC108PP versions prior to 1.0.8.2, update to version 1.0.8.2 or later.
For NETGEAR GS108Tv3 versions prior to 7.0.7.2, update to version 7.0.7.2 or later.
For NETGEAR GS110TPP versions prior to 7.0.7.2, update to version 7.0.7.2 or later.
For NETGEAR GS110TPv3 versions prior to 7.0.7.2, update to version 7.0.7.2 or later.
For NETGEAR GS110TUP versions prior to 1.0.5.3, update to version 1.0.5.3 or later.
For NETGEAR GS308T versions prior to 1.0.3.2, update to version 1.0.3.2 or later.
For NETGEAR GS310TP versions prior to 1.0.3.2, update to version 1.0.3.2 or later.
For NETGEAR GS710TUP versions prior to 1.0.5.3, update to version 1.0.5.3 or later.
For NETGEAR GS716TP versions prior to 1.0.4.2, update to version 1.0.4.2 or later.
For NETGEAR GS716TPP versions prior to 1.0.4.2, update to version 1.0.4.2 or later.
For NETGEAR GS724TPP versions prior to 2.0.6.3, update to version 2.0.6.3 or later.
For NETGEAR GS724TPv2 versions prior to 2.0.6.3, update to version 2.0.6.3 or later.
For NETGEAR GS728TPPv2 versions prior to 6.0.8.2, update to version 6.0.8.2 or later.
For NETGEAR GS728TPv2 versions prior to 6.0.8.2, update to version 6.0.8.2 or later.
For NETGEAR GS750E versions prior to 1.0.1.10, update to version 1.0.1.10 or later.
For NETGEAR GS752TPP versions prior to 6.0.8.2, update to version 6.0.8.2 or later.
For NETGEAR GS752TPv2 versions prior to 6.0.8.2, update to version 6.0.8.2 or later.
For NETGEAR MS510TXM versions prior to 1.0.4.2, update to version 1.0.4.2 or later.
For NETGEAR MS510TXUP versions prior to 1.0.4.2, update to version 1.0.4.2 or later.

Exploit

Fix

Authentication Bypass by Spoofing

Race Condition

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2021-06166
CVE-2021-40867

Affected Products

Gc108Pp
Gs108Tv3
Gs110Tpp
Gs110Tpv3
Gs110Tup
Gs308T
Gs310Tp
Gs710Tup
Gs716Tp
Gs724Tpp
Gs724Tpv2
Gs728Tppv2
Gs750E
Gs752Tpp
Gs752Tpv2
Ms510Txm
Ms510Txup