Vulnerabilities in Netgear business switches expose organizations to risk of attacks
Security researchers from the NCC Group have identified multiple vulnerabilities in Netgear's ProSAFE Plus JGS516PE and GS116Ev2 business switches. Exploitation of the most severe of them could allow a remote, unauthenticated attacker to execute arbitrary code.
According to information security experts, a total of 15 vulnerabilities affecting the Netgear switches were found. The most critical issue is a remote code execution vulnerability (CVE-2020-26919) with a CVSS score of 9.8.
The issue affects firmware versions prior to 2.6.0.43 and could allow an attacker to bypass authentication and run code with administrator privileges on a vulnerable device.
The researchers also discovered that the Netgear Switch Discovery Protocol (NSDP), which is used for switch management, fails to properly handle authentication packets, leading to authentication bypasses (CVE-2020-35231). An attacker able to exploit this vulnerability "could execute any management actions in the device, including wiping the configuration by executing a factory restoration." Users are advised to disable the remote management feature.
The researchers also found issues with the firmware update mechanism on the vulnerable switches. One of them (CVE-2020-35220) could allow an attacker to upload custom firmware files without administrator rights. Another problem (CVE-2020-35232) lies in the improper implementation of internal checks, which could allow attackers to craft firmware files that could "overwrite the entire memory with custom code."
Other high-severity vulnerabilities in Netgear's switches could lead to a denial of service condition (CVE-2020-35224), could allow an attacker to generate valid passwords (CVE-2020-35221), or could allow an attacker to perform requests using a single authenticated packet (CVE-2020-35229).
Source: securitylab.ru
12 March 2021