CVE-2021-41314

Published: 16/09/2021 | Updated: 12/07/2022
CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 739
CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the malicious user to create (or overwrite) a file with specific content (e.g., the "2" string). This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. This affects GC108P prior to 1.0.8.2, GC108PP prior to 1.0.8.2, GS108Tv3 prior to 7.0.7.2, GS110TPP prior to 7.0.7.2, GS110TPv3 prior to 7.0.7.2, GS110TUP prior to 1.0.5.3, GS308T prior to 1.0.3.2, GS310TP prior to 1.0.3.2, GS710TUP prior to 1.0.5.3, GS716TP prior to 1.0.4.2, GS716TPP prior to 1.0.4.2, GS724TPP prior to 2.0.6.3, GS724TPv2 prior to 2.0.6.3, GS728TPPv2 prior to 6.0.8.2, GS728TPv2 prior to 6.0.8.2, GS750E prior to 1.0.1.10, GS752TPP prior to 6.0.8.2, GS752TPv2 prior to 6.0.8.2, MS510TXM prior to 1.0.4.2, and MS510TXUP prior to 1.0.4.2.

Vulnerable Product

netgear gc108p_firmware

netgear gc108pp_firmware

netgear gs108t_firmware

netgear gs110tpp_firmware

netgear gs110tp_firmware

netgear gs110tup_firmware

netgear gs308t_firmware

netgear gs310tp_firmware

netgear gs710tup_firmware

netgear gs716tp_firmware

netgear gs716tpp_firmware

netgear gs724tpp_firmware

netgear gs724tp_firmware

netgear gs728tpp_firmware

netgear gs728tp_firmware

netgear gs750e_firmware

netgear gs752tpp_firmware

netgear gs752tp_firmware

netgear ms510txm_firmware

netgear ms510txup_firmware

Vendor Advisories

Check Point Reference: CPAI-2021-2133 Date Published: 12 Mar 2024 Severity: High ...