Critical Bug impacts Netgear Smart Switches
By MYBRANDBOOK
Third Critical Bug Affects Netgear Smart Switches - the Details and PoC have been released. The disclosure comes weeks after Netgear released patches to handle the vulnerabilities earlier this month. Successful exploitation of Demon's Cries and Draconian Fear could allow a malicious party to change the administrator password without knowing the earlier password, or to hijack the session bootstrapping information, leading to a full compromise of the device.
In a new post sharing technical specifics about Seventh Inferno, Coldwind noted that the issue relates to a newline injection flaw in the password field during Web UI authentication. This effectively lets the attacker create fake session files and, combined with a reboot Denial of Service (DoS) and a post-authentication shell injection, obtain a fully valid session and execute arbitrary code as the root user, leading to full device compromise.
The reboot DoS is a technique designed to reboot the switch by exploiting the newline injection to write "2" into three different kernel settings - "/proc/sys/vm/panic_on_oom," "/proc/sys/kernel/panic," and "/proc/sys/kernel/panic_on_oops" - so that the device is forced to shut down and restart through a kernel panic once all available RAM is consumed by uploading a large file over HTTP.
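The root cause described above is a credential field that accepts CR/LF and carries them into a file write. As an added example (not code from the original post, Coldwind or Netgear), the check below rejects control characters in login form values before they reach any file or shell, and flags such attempts in constructed proxy log lines; the field names and log format are assumptions.

```python
import re
from urllib.parse import parse_qs

# Any ASCII control character, including CR (\x0d) and LF (\x0a).
CTRL = re.compile(r"[\x00-\x1f\x7f]")

def validate_credential(value: str, max_len: int = 64) -> bool:
    """True only if the value carries no control characters and is not oversized.
    A login handler should reject the whole request on False, before the value
    is written to a session file or passed to any command."""
    return len(value) <= max_len and CTRL.search(value) is None

def flagged_fields(body: str) -> list:
    """Names of fields in a URL-encoded form body whose decoded value fails
    validation (percent-encoded %0a / %0d decode to LF / CR)."""
    fields = parse_qs(body, keep_blank_values=True)
    return sorted(n for n, vs in fields.items()
                  if not all(validate_credential(v) for v in vs))

# Constructed reverse-proxy log lines (hypothetical format): the decoded form
# body of an auth endpoint is logged so newline injection attempts are visible.
SAMPLE_LOGS = [
    '10.0.0.5 POST /login.cgi body="username=admin&password=Spring2024"',
    '10.0.0.9 POST /login.cgi body="username=admin&password=abc%0dkey=value"',
    '10.0.0.9 POST /login.cgi body="username=ad%0amin&password=x"',
]

LOG_RE = re.compile(r'^(\S+) POST (\S+) body="([^"]*)"')

def suspicious_requests(lines):
    """Return (source, path, bad_fields) for every logged login carrying CR/LF."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        src, path, body = m.groups()
        bad = flagged_fields(body)
        if bad:
            hits.append((src, path, bad))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOGS):
        print("control characters in login fields:", hit)
```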
"This vulnerability and exploit chain is actually quite interesting technically," Coldwind said. "In short, it goes from a newline injection in the password field, through being able to write a file with constant uncontrolled content of '2' (like, one byte 32h), through a DoS and session crafting (which yields an admin web UI user), to an eventual post-auth shell injection (which yields full root)."