Details of VAR-202109-1067

ID

VAR-202109-1067

CVE

CVE-2021-40867

TITLE

plural NETGEAR Authentication Vulnerability in Smart Switch

Trust: 0.8

sources: JVNDB: JVNDB-2021-011956

DESCRIPTION

Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin's machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. plural NETGEAR Smart Switch contains an authentication vulnerability and a race condition vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This affects GC108P prior to 1.0.8.2, GC108PP prior to 1.0.8.2, GS108Tv3 prior to 7.0.7.2, GS110TPP prior to 7.0.7.2, GS110TPv3 prior to 7.0.7.2, GS110TUP prior to 1.0.5.3, GS308T prior to 1.0.3.2, GS310TP prior to 1.0.3.2, GS710TUP prior to 1.0.5.3, GS716TP prior to 1.0.4.2, GS716TPP prior to 1.0.4.2, GS724TPP prior to 2.0.6.3, GS724TPv2 prior to 2.0.6.3, GS728TPPv2 prior to 6.0.8.2, GS728TPv2 prior to 6.0.8.2, GS750E prior to 1.0.1.10, GS752TPP prior to 6.0.8.2, GS752TPv2 prior to 6.0.8.2, MS510TXM prior to 1.0.4.2, and MS510TXUP prior to 1.0.4.2

Trust: 1.71

sources: NVD: CVE-2021-40867 // JVNDB: JVNDB-2021-011956 // VULMON: CVE-2021-40867

AFFECTED PRODUCTS

vendor:	netgear	model:	gs752tpp	scope:	lt	version:	6.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs110tup	scope:	lt	version:	1.0.5.3	Trust: 1.0
vendor:	netgear	model:	gs110tpp	scope:	lt	version:	7.0.7.2	Trust: 1.0
vendor:	netgear	model:	gc108p	scope:	lt	version:	1.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs716tpp	scope:	lt	version:	1.0.4.2	Trust: 1.0
vendor:	netgear	model:	gs724tpp	scope:	lt	version:	2.0.6.3	Trust: 1.0
vendor:	netgear	model:	ms510txup	scope:	lt	version:	1.0.4.2	Trust: 1.0
vendor:	netgear	model:	gs724tp	scope:	lt	version:	2.0.6.3	Trust: 1.0
vendor:	netgear	model:	gs750e	scope:	lt	version:	1.0.1.10	Trust: 1.0
vendor:	netgear	model:	gs728tpp	scope:	lt	version:	6.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs752tp	scope:	lt	version:	6.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs308t	scope:	lt	version:	1.0.3.2	Trust: 1.0
vendor:	netgear	model:	gs310tp	scope:	lt	version:	1.0.3.2	Trust: 1.0
vendor:	netgear	model:	gs710tup	scope:	lt	version:	1.0.5.3	Trust: 1.0
vendor:	netgear	model:	gs728tp	scope:	lt	version:	6.0.8.2	Trust: 1.0
vendor:	netgear	model:	gc108pp	scope:	lt	version:	1.0.8.2	Trust: 1.0
vendor:	netgear	model:	gs110tp	scope:	lt	version:	7.0.7.2	Trust: 1.0
vendor:	netgear	model:	gs716tp	scope:	lt	version:	1.0.4.2	Trust: 1.0
vendor:	netgear	model:	ms510txm	scope:	lt	version:	1.0.4.2	Trust: 1.0
vendor:	netgear	model:	gs108t	scope:	lt	version:	7.0.7.2	Trust: 1.0
vendor:	ネットギア	model:	gs110tup	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs108t	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs310tp	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs710tup	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs110tpp	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs308t	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gc108p	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs716tp	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gs110tp	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	gc108pp	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-011956 // NVD: CVE-2021-40867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-40867
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2021-40867
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-40867
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202109-730
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-40867
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-40867
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-40867
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2021-40867
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-40867
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-40867 // JVNDB: JVNDB-2021-011956 // CNNVD: CNNVD-202109-730 // NVD: CVE-2021-40867 // NVD: CVE-2021-40867

PROBLEMTYPE DATA

problemtype:	CWE-290	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8
problemtype:	Race condition (CWE-362) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-011956 // NVD: CVE-2021-40867

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202109-730

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202109-730

PATCH

title:	Security Advisory for Multiple Vulnerabilities on Some Smart Switches, PSV-2021-0140, PSV-2021-0144, PSV-2021-0145	url:	https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145	Trust: 0.8
title:	Netgear NETGEAR Repair measures for the competition condition problem loophole	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163756	Trust: 0.6

sources: JVNDB: JVNDB-2021-011956 // CNNVD: CNNVD-202109-730

EXTERNAL IDS

db:	NVD	id:	CVE-2021-40867	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-011956	Trust: 0.8
db:	CNNVD	id:	CNNVD-202109-730	Trust: 0.6
db:	VULMON	id:	CVE-2021-40867	Trust: 0.1

sources: VULMON: CVE-2021-40867 // JVNDB: JVNDB-2021-011956 // CNNVD: CNNVD-202109-730 // NVD: CVE-2021-40867

REFERENCES

url:	https://kb.netgear.com/000063978/security-advisory-for-multiple-vulnerabilities-on-some-smart-switches-psv-2021-0140-psv-2021-0144-psv-2021-0145	Trust: 1.7
url:	https://gynvael.coldwind.pl/?id=741	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40867	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/362.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-40867 // JVNDB: JVNDB-2021-011956 // CNNVD: CNNVD-202109-730 // NVD: CVE-2021-40867

SOURCES

db:	VULMON	id:	CVE-2021-40867
db:	JVNDB	id:	JVNDB-2021-011956
db:	CNNVD	id:	CNNVD-202109-730
db:	NVD	id:	CVE-2021-40867

LAST UPDATE DATE

2024-08-14T15:01:19.710000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-40867	date:	2021-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-011956	date:	2022-08-18T08:35:00
db:	CNNVD	id:	CNNVD-202109-730	date:	2021-09-26T00:00:00
db:	NVD	id:	CVE-2021-40867	date:	2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-40867	date:	2021-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-011956	date:	2022-08-18T00:00:00
db:	CNNVD	id:	CNNVD-202109-730	date:	2021-09-13T00:00:00
db:	NVD	id:	CVE-2021-40867	date:	2021-09-13T08:15:13.323