Critical Bug impacts Netgear Smart Switches
By MYBRANDBOOK
A third critical bug affecting Netgear smart switches has now been detailed, and a proof of concept (PoC) has been released. The disclosure comes weeks after Netgear shipped patches for the vulnerabilities earlier this month. Successful exploitation of the first two flaws, Demon's Cries and Draconian Fear, could allow a malicious party to change the administrator password without knowing the current one, or to hijack the session bootstrapping information, either of which leads to a full compromise of the device.
In a new post sharing technical details about the third flaw, Seventh Inferno, researcher Gynvael Coldwind noted that the issue stems from a newline injection in the password field of the web UI login. The injection lets an attacker create fake session files; chained with a reboot denial of service (DoS) and a post-authentication shell injection, it yields a fully valid admin session and arbitrary code execution as root, i.e. full device compromise.
The reboot DoS uses the same newline injection to write "2" into three kernel settings, "/proc/sys/vm/panic_on_oom", "/proc/sys/kernel/panic" and "/proc/sys/kernel/panic_on_oops" (panic_on_oom set to 2 makes the kernel panic on any out-of-memory condition instead of killing a process, and a non-zero kernel.panic makes it reboot after that many seconds rather than hang). The attacker then uploads a large file over HTTP; when the upload exhausts the available RAM, the resulting kernel panic forces the switch to shut down and restart.
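To make the newline-injection primitive concrete, the following is an added illustration written for this article, not Netgear firmware code nor Coldwind's PoC. It assumes a hypothetical line-oriented session file of the form `key=value`, read by a last-key-wins parser; the real session file format on the switch is not described here, so the field names (`user`, `pass`, `role`) and the injected payload are constructed for the example. It shows how a password containing `\n` lets a client write extra records into the file, and the check that stops it.

```python
import re

# Any ASCII control character (CR, LF, NUL, ...) in a credential is a sign of
# injection into a line-oriented store and must be rejected before serialising.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


class InvalidCredential(ValueError):
    """Raised by the hardened writer when a credential contains control characters."""


def credential_is_clean(value: str) -> bool:
    """True when the value contains no control characters."""
    return _CONTROL_CHARS.search(value) is None


def write_session_unsafe(username: str, password: str) -> str:
    """Vulnerable writer (hypothetical): values go into a key=value file verbatim.

    A newline inside `password` terminates the 'pass=' line early and the rest
    of the value becomes new lines, which the parser treats as genuine records.
    """
    return f"user={username}\npass={password}\n"


def write_session_safe(username: str, password: str) -> str:
    """Hardened writer: refuse any credential that could break line structure."""
    for field in (username, password):
        if not credential_is_clean(field):
            raise InvalidCredential("control character in credential")
    return f"user={username}\npass={password}\n"


def parse_session(text: str) -> dict:
    """Naive last-key-wins key=value parser, typical of small config readers."""
    session = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            session[key.strip()] = value.strip()
    return session


if __name__ == "__main__":
    # Constructed attacker input: the password smuggles two extra records.
    injected = "x\nuser=admin\nrole=admin"
    print(parse_session(write_session_unsafe("guest", injected)))
    # -> {'user': 'admin', 'pass': 'x', 'role': 'admin'}: the file now claims admin
    try:
        write_session_safe("guest", injected)
    except InvalidCredential as exc:
        print("rejected:", exc)
```

The check is deliberately placed at serialisation time rather than only in the UI, because the flaw described above is reachable from the login request itself; rejecting control characters in every field that ends up in a line-oriented file closes the whole class, not just the password case.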
"This vulnerability and exploit chain is actually quite interesting technically," Coldwind said. "In short, it goes from a newline injection in the password field, through being able to write a file with constant uncontrolled content of '2' (like, one byte 32h), through a DoS and session crafting (which yields an admin web UI user), to an eventual post-auth shell injection (which yields full root)."