CVE-2021-40867

Published Sep 13, 2021

Last updated a year ago

CVSS high 7.1

Overview

Description: Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin's machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.1
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5.4
Impact score: 6.4
Exploitability score: 5.5
Vector string: AV:A/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-290

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gc108p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A1CC9E5-8253-4924-8282-9E768661680E",
            "versionEndExcluding": "1.0.8.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gc108p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E9E3ADD8-926C-46CD-ABDF-0F7C99879808"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gc108pp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B8389CE-DA82-49C9-A431-7B2FE7C8950E",
            "versionEndExcluding": "1.0.8.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gc108pp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D79979EF-D425-4199-BC73-36FB97EA9976"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs108t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2C585B5-2EDE-41DD-A1DB-3F3B5DCB1C83",
            "versionEndExcluding": "7.0.7.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs108tv3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8EE9EB1F-D49E-499A-B39B-7F15A1E5DAEC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs110tpp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAAA5112-5735-4889-9F6C-4217D2CE58FC",
            "versionEndExcluding": "7.0.7.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs110tpp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E095D139-28EE-4ADD-8FCD-3C2322AC3668"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs110tp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5F5E8A3-6FB6-45B0-819A-95F88B6486DD",
            "versionEndExcluding": "7.0.7.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs110tp:v3:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F2DA3649-BC53-496E-A78C-FFA471872B5A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs110tup_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B241F5FC-3053-44ED-ABDE-F7E4C1F26E2D",
            "versionEndExcluding": "1.0.5.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs110tup:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1A469DFA-DE46-444C-B007-F9932C61EE26"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs308t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5EF9D41-5E0D-4BBC-BD8C-40422B29D241",
            "versionEndExcluding": "1.0.3.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs308t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C204CFAA-0709-421A-A907-8F5B093063F4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs310tp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A18B9E4-16A6-443B-A504-784FA821B404",
            "versionEndExcluding": "1.0.3.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs310tp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6761CCD9-9D27-465F-8707-F23707A84803"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs710tup_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17CEF560-AF2A-48AD-B8A4-666BD2ECBDCE",
            "versionEndExcluding": "1.0.5.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs710tup:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D6F019BC-8BBB-40F4-A05C-172DCAC705C7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs716tp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E57F0167-9C61-44FB-A7BB-70F0A9247DB8",
            "versionEndExcluding": "1.0.4.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs716tp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C9D88DD2-CE3F-431C-8FC8-01CBFB5AFED1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs716tpp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "421B0F3A-9A03-42B0-8B45-E77DFE176A6F",
            "versionEndExcluding": "1.0.4.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs716tpp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6DB3B313-1667-401C-92CF-EBB03CF91010"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs724tpp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "339698F2-2727-469D-82E4-8E025FCBB106",
            "versionEndExcluding": "2.0.6.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs724tpp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6EB10210-B401-4944-832A-D31AEA8B3952"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs724tp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7710FD29-3D79-4260-875D-48BBC8B173BE",
            "versionEndExcluding": "2.0.6.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs724tp:v2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E871CCB4-8093-44AE-B289-CF81F82A9DB8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs728tpp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B67A12FE-8681-4789-896E-69B3E9057FE4",
            "versionEndExcluding": "6.0.8.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs728tpp:v2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FC4DE9FB-CAD5-45F9-A11C-1C20EE2FF3A1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs728tp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D623D8A0-ADEB-4476-9364-CFFAE4967784",
            "versionEndExcluding": "6.0.8.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs728tp:v2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7126D4F8-2E3C-478B-9BD2-8055DFB48D8D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs750e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDFC5B41-EBAC-42C9-B12E-AAACC199F324",
            "versionEndExcluding": "1.0.1.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs750e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A56285CF-1BD8-4BB5-AC9C-9EDDFCFC9E5C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs752tpp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00504A9F-EBE8-4D88-98C6-52CC260EC944",
            "versionEndExcluding": "6.0.8.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs752tpp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "995D8E9F-7AE6-4A17-A728-7190FB2CE8BC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:gs752tp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13F7E762-95AB-4E8F-865C-C29A6B41DC4F",
            "versionEndExcluding": "6.0.8.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:gs752tp:v2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CDD4D404-9A22-408B-89CF-5107B809CB90"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:ms510txm_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D620D42-9365-4A5E-957C-ADB9EAD56D8C",
            "versionEndExcluding": "1.0.4.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:ms510txm:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5CF12A57-ACFA-48AA-B41C-06EB7095C800"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:ms510txup_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD52B5A4-0CF4-4E80-BD9B-05C1DFB855D2",
            "versionEndExcluding": "1.0.4.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:ms510txup:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D3A918F0-36BB-4EDE-98B8-00C3DC8F7BB5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References