The Record -
Networking equipment vendor Netgear has patched three vulnerabilities in several of its smart switches that can allow threat actors to bypass authentication and take over devices.
Codenamed Demon’s Cries, Draconian Fear, and Seventh Inferno, the vulnerabilities were discovered and reported to Netgear by a Polish security researcher going by the pseudonym of Gynvael Coldwind.
Netgear released patches last week on September 3. The researcher published detailed write-ups for the first two bugs, Demon’s Cries and Draconian Fear. Coldwind said technical details about the Seventh Inferno bug would be published next Monday, on September 13.
Of the three vulnerabilities, the first, known as Demon’s Cries, is considered the most severe, with a severity rating of 9.8 out of a maximum of 10, on the CVSSv3 scale.
As Coldwind explained today, the vulnerability can be used to bypass initial authentication and change the admin account password for affected Netgear switches.
Not all switches are vulnerable, as the bug resides in
The post ‘Demon’s Cries’ authentication bypass patched in Netgear switches was first published at The Record.