MY BRAND BOOK Critical Bug impacts Netgear Smart Switches

Critical Bug impacts Netgear Smart Switches

By MYBRANDBOOK

Third Critical Bug Affects Netgear Smart Switches - the Details and PoC have been released. The disclosure comes weeks after Netgear released patches to handle the vulnerabilities earlier this month. Successful exploitation of Demon’s Cries and Draconian Fear might grant a malicious celebration the power to vary the administrator password without really having to know the earlier password or hijack the session bootstrapping info, leading to a full compromise of the gadget.

in a new post sharing technical specifics about Seventh Inferno, Coldwind noted that the issue relates to a newline injection flaw in the password field during Web UI authentication, effectively enabling the attacker to create fake session files, and combine it with a reboot Denial of Service (DoS) and a post-authentication shell injection to get a fully valid session and execute any code as root user, thereby leading to full device compromise.

The reboot DoS is a technique designed to reboot the switch by exploiting the newline injection to write "2" into three different kernel configurations - "/proc/sys/vm/panic_on_oom," "/proc/sys/kernel/panic," and "/proc/sys/kernel/panic_on_oops" - in a manner that causes the device to compulsorily shut down and restart due to kernel panic when all the available RAM is consumed upon uploading a large file over HTTP.

"This vulnerability and exploit chain is actually quite interesting technically," Coldwind said. "In short, it goes from a newline injection in the password field, through being able to write a file with constant uncontrolled content of '2' (like, one byte 32h), through a DoS and session crafting (which yields an admin web UI user), to an eventual post-auth shell injection (which yields full root)."

BREAKING NEWS

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

TECHNO TRENDS

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

E-Magazine

TECHNOTAINMENT

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b

MOVERS & SHAKERS

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this

OPEN YOUR EYES

Chinese Investments targets start-ups to scale up in India

Rising Uncertainty On The Start-ups At The Verge Of Collapse

The demand for touch-less services are on huge demand

A question arises on how would be the future of the workplace?

We have to continue our efforts to drive the country

INTERVIEWS

Bolstering its commitment to help build a truly self-reliant B

Alpha Max offers high end solutions in the network space to en

The vision at Alpha Max is to attain quality as the trademark and create a

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

A good amount of R&D works and global support services are operated out of

HOT PICK

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr

MAKE IN INDIA BRANDS

TAC SECURITY SOLUTIONS

VERSA NETWORKS INDIA PVT. LTD.

INFOSYS TECHNOLOGIES PVT. LTD.

EXIDE INDUSTRIES LTD.

EMINENT CIO'S OF INDIA

USING AI & BI OFFERINGS TO ADDRESS CLIENT NEEDS

In the fiscal year 2024-25, Assisto Technologies h...

AI AND DATA ANALYTICS REVOLUTIONIZING HEALTHCARE SERVICES

...

HARNESSING THE POWER OF BIG DATA TO GAIN VALUABLE INSIGHTS

A Technology certainly drives innovation and busin...

ICONS OF INDIA

ICONS OF INDIA : VINAY SINHA

Vinay Sinha is the Managing Director of Sales for the India Mega Regio...

Icons Of India : NANDAN NILEKANI

Nandan Nilekani is the Co-Founder and Chairman of Infosys Technologies...

Icons Of India : Bhavish Aggarwal

Indian entrepreneur Bhavish Aggarwal is the CEO of Ola, India’s larg...

PARTNER SPEAKERS

Unwavering Commitment & Communication helping to thrive in the evolving digital landscape

We leverage a comprehensive market intelligence framework and an advanced CRM ...

Leveraging New Age Technologies To Offer Personalized and Scalable Services

To navigate the 2024 and beyond evolving landscape, Rx Infotech plans to adopt...

Constantly Modifying Services And Strategies To Remain Pertinent And Competitive

The company conducts regular audits and reviews of its brand communication eff...

PSU

UIDAI - Unique Identification Authority of India

UIDAI and the Aadhaar system represent a significant milestone in Indi...

BSE - Bombay Stock Exchange

The Bombay Stock Exchange (BSE) is one of India’s largest and oldest...

HPCL - Hindustan Petroleum Corporation Ltd.

HPCL is an integrated oil and gas company involved in refining, market...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024 : Samsung Electronics Co. Ltd.

Samsung invests heavily in marketing campaigns to promote...

Most Trusted Brands 2024: Infosys Ltd.

Infosys, leverages emerging technologies and digital capabilities to help clie...

Most Trusted Brands 2024 : Ingram Micro India

Ingram Micro India’s strong brand connection is built on its distribution ne...

Global Indian industry

Indian Tech Talent Excelling The Tech World - Aneel Bhusri, CEO, Workday

Aneel Bhusri, Co-Founder and Executive Chair at Workday, has been a le...

Indian Tech Talent Excelling The Tech World - Soni Jiandani, Co-Founder- Pensando Systems

Soni Jiandani, Co-Founder of Pensando Systems, is a tech visionary ren...

Indian Tech Talent Excelling The Tech World - PADMASREE WARRIOR, Founder, President & CEO - Fable

Padmasree Warrior, the Founder, President, and CEO of Fable, is revolu...

STARNITE AWARDS 2024

ITFORUM 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY