MY BRAND BOOK Critical Bug impacts Netgear Smart Switches

Critical Bug impacts Netgear Smart Switches

By MYBRANDBOOK

Third Critical Bug Affects Netgear Smart Switches - the Details and PoC have been released. The disclosure comes weeks after Netgear released patches to handle the vulnerabilities earlier this month. Successful exploitation of Demon’s Cries and Draconian Fear might grant a malicious celebration the power to vary the administrator password without really having to know the earlier password or hijack the session bootstrapping info, leading to a full compromise of the gadget.

in a new post sharing technical specifics about Seventh Inferno, Coldwind noted that the issue relates to a newline injection flaw in the password field during Web UI authentication, effectively enabling the attacker to create fake session files, and combine it with a reboot Denial of Service (DoS) and a post-authentication shell injection to get a fully valid session and execute any code as root user, thereby leading to full device compromise.

The reboot DoS is a technique designed to reboot the switch by exploiting the newline injection to write "2" into three different kernel configurations - "/proc/sys/vm/panic_on_oom," "/proc/sys/kernel/panic," and "/proc/sys/kernel/panic_on_oops" - in a manner that causes the device to compulsorily shut down and restart due to kernel panic when all the available RAM is consumed upon uploading a large file over HTTP.

"This vulnerability and exploit chain is actually quite interesting technically," Coldwind said. "In short, it goes from a newline injection in the password field, through being able to write a file with constant uncontrolled content of '2' (like, one byte 32h), through a DoS and session crafting (which yields an admin web UI user), to an eventual post-auth shell injection (which yields full root)."

BREAKING NEWS

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

TECHNO TRENDS

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

E-Magazine

TECHNOTAINMENT

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b

MOVERS & SHAKERS

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this

OPEN YOUR EYES

Opportunities For Technological Disruption In Times Of Crisis

600% increase in malicious emails during Covid-19 crisis

We have to continue our efforts to drive the country

The rising risk of insider threats in the remote workforce

Data security and Digital strike is the top priority of the Government

INTERVIEWS

Alpha Max offers high end solutions in the network space to en

AMD Pensando driving innovation in the DPU architecture space

AMD Pensando stands out in the DPU (Data Processing Unit) market with its u

Autodesk continually pushing the boundaries in the Design and

Autodesk’s vision is of a better world designed and made for all. It inte

HOT PICK

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr

MAKE IN INDIA BRANDS

CENTRE FOR DEVELOPMENT OF TELEMATICS (C-DOT)

WIPRO LTD.

DELL TECHNOLOGIES INDIA PVT. LTD.

EXATRON SERVERS MANUFACTURING PVT. LTD.

EMINENT CIO'S OF INDIA

USING AI & BI OFFERINGS TO ADDRESS CLIENT NEEDS

In the fiscal year 2024-25, Assisto Technologies h...

PRIORITIZING APPROPRIATE DATA MANAGEMENT AND ETHICAL AI IS THE NEED OF THE HOUR

For us, cultivating customer trust amidst for that...

AI TO IMPROVE INSIGHTS THROUGH AUGMENTED ANALYTICS, WHILE EDGE COMPUTING TO ALLOW REAL-TIME PROCESSING

For the fiscal year 2024-25, our organization has ...

ICONS OF INDIA

ICONS OF INDIA : RAJESH NAMBIAR

Rajesh leads the company’s India associates and enhances relationshi...

ICONS OF INDIA : ROSHNI NADAR MALHOTRA

Roshni Nadar Malhotra is the Chairperson of HCLTech, a leading global ...

Icons Of India : MUKESH D. AMBANI

Mukesh Dhirubhai Ambani is an Indian businessman and the chairman and ...

PARTNER SPEAKERS

Revolutionizing surveillance industry with innovative range of accessories

Adoption of digital technology is essential for real growth and without this s...

Ingram Micro Xvantage Strengthening Partners To Do More In The Digital Era

ngram Micro Xvantage offers a wide range of benefits for partners, such as a s...

Regaining its Technical Aura By Resonating Consistency & Reliability

Brand awareness metrics and KPIs help TDM Networks to monitor and analyze the ...

PSU

PFC - Power Finance Corporation Ltd

PFC is a leading financial institution in India specializing in power ...

CERT-IN - Indian Computer Emergency Response Team

CERT-In is a national nodal agency for responding to computer security...

GSTN - Goods and Services Tax Network

GSTN provides shared IT infrastructure and service to both central and...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024: HCL TECHNOLOGIES LTD.

HCL Technologies Ltd. (HCLTech) has been at the forefront of technological inn...

Most Trusted Brands 2024: Apple India Pvt. Ltd.

five decades after its founding, Apple has redefined modern computing, emphasi...

Most Trusted Brands 2024 : ACCENTURE PLC

Accenture is renowned for its commitment to technological innovation. It inves...

Global Indian industry

Indian Tech Talent Excelling The Tech World - Steve Sanghi, Executive Chair, Microchip

Steve Sanghi, the Executive Chair of Microchip Technology, has been a ...

Indian Tech Talent Excelling The Tech World - PADMASREE WARRIOR, Founder, President & CEO - Fable

Padmasree Warrior, the Founder, President, and CEO of Fable, is revolu...

Indian Tech Talent Excelling The Tech World - ARVIND KRISHNA, CEO – IBM

Arvind Krishna, an Indian-American business executive, serves as the C...

STARNITE AWARDS 2024

ITFORUM 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY