ID

VAR-201312-0127

CVE

CVE-2013-4776

TITLE

plural NETGEAR ProSafe Service operation interruption in switch product firmware (DoS) Vulnerabilities

DESCRIPTION

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/. NetGear ProSafe is a smart switch product that monitors and configures the network. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. The following ProSafe products are vulnerable: GS724Tv3 firmware version 5.4.1.13 GS716Tv2 firmware version 5.4.1.13 GS724Tv3 firmware version 5.4.1.10 GS716Tv2 firmware version 5.4.1.10 GS748Tv4 firmware version 5.4.1.14 GS510TP firmware version 5.0.4.4. 1. BACKGROUND According to the vendor, Netgear ProSafe is a cost-effective line of smart switches for Small and Medium Businesses (SMBs). The products cover an essential set of network features and easy-to-use web-based management. Power over Ethernet (PoE) and Stacking versions are also available. 2. SUMMARY A range of ProSafe switches are affected by two different vulnerabilities: CVE-2013-4775: Unauthenticated startup-config disclosure. CVE-2013-4776: Denial of Service vulnerability. 3. VULNERABILITIES The list below describes the vulnerabilities discovered in the affected software. 4.1 CVE-2013-4775: Unauthenticated startup-config disclosure The web management application fails to restrict URL access to different application areas. [Proof of Concept] The vulnerability can be exploited with a simple HTTP (GET) request. Open a browser and visit http://Target-IP/filesystem/startup-config 4.2 CVE-2013-4776: Denial of Service vulnerability The affected products are prone to a Denial of Service vulnerability. [Proof of Concept] The vulnerability can be exploited with a simple HTTP (GET) request. Open a browser and visit http://Target-IP/filesystem/ Implementation of a Proof of Concept for both vulnerabilities can be found here: http://www.encripto.no/tools/netgear-prosafe-PoC.tar.gz 5. REMEDIATION No firmware updates or fixes have been released yet. As a mitigation, the vendor recommends configuring a separate management VLAN and configure access control via \x93Security::Access::Access Control\x94 or \x93Security::ACL::Advanced::IP Extended Rules\x94. 6. CREDIT The vulnerabilities were originally discovered in a GS724Tv3 device, by Juan J. G\xfcelfo at Encripto AS. E-mail: post [at] encripto [dot] no Web: http://www.encripto.no Special thanks to Maarten Hoogcarspel and the Netgear Support Team for verifying other switch models, and considering possible fixes. For more information about Encripto\x92s research policy, please visit http://www.encripto.no/forskning/ 7. REFERENCES http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2013.pdf http://www.encripto.no/tools/netgear-prosafe-PoC.tar.gz DISCLAIMER The material presented in this document is for educational purposes only. Encripto AS cannot be responsible for any loss or damage carried out by any technique presented in this material. The reader is the only one responsible for applying this knowledge, which is at his / her own risk. Any of the trademarks, service marks, collective marks, design rights, personality rights or similar rights that are mentioned, used or cited in this document is property of their respective owners

IOT TAXONOMY

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

Failure to Handle Exceptional Conditions

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Juan J. Güelfo of Encripto AS

SOURCES

LAST UPDATE DATE

2025-04-11T23:11:58.578000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE