Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the "2" string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P before, GC108PP before, GS108Tv3 before, GS110TPP before, GS110TPv3 before, GS110TUP before, GS308T before, GS310TP before, GS710TUP before, GS716TP before, GS716TPP before, GS724TPP before, GS724TPv2 before, GS728TPPv2 before, GS728TPv2 before, GS750E before, GS752TPP before, GS752TPv2 before, MS510TXM before, and MS510TXUP before

Affected Software

CPE Name Name Version
netgear:gc108p_firmware netgear gc108p firmware
netgear:gc108pp_firmware netgear gc108pp firmware
netgear:gs108t_firmware netgear gs108t firmware
netgear:gs110tpp_firmware netgear gs110tpp firmware
netgear:gs110tp_firmware netgear gs110tp firmware
netgear:gs110tup_firmware netgear gs110tup firmware
netgear:gs308t_firmware netgear gs308t firmware
netgear:gs310tp_firmware netgear gs310tp firmware
netgear:gs710tup_firmware netgear gs710tup firmware
netgear:gs716tp_firmware netgear gs716tp firmware
netgear:gs716tpp_firmware netgear gs716tpp firmware
netgear:gs724tpp_firmware netgear gs724tpp firmware
netgear:gs724tp_firmware netgear gs724tp firmware
netgear:gs728tpp_firmware netgear gs728tpp firmware
netgear:gs728tp_firmware netgear gs728tp firmware
netgear:gs750e_firmware netgear gs750e firmware
netgear:gs752tpp_firmware netgear gs752tpp firmware
netgear:gs752tp_firmware netgear gs752tp firmware
netgear:ms510txm_firmware netgear ms510txm firmware
netgear:ms510txup_firmware netgear ms510txup firmware