CVE-2021-40866

high-risk

Published 2021-09-13

Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Do I need to act?

1.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Gc108P Firmware

Gc108Pp Firmware

Gs108T Firmware

Gs110Tpp Firmware

Gs110Tp Firmware

Gs110Tup Firmware

Gs308T Firmware

Gs310Tp Firmware

Gs710Tup Firmware

Gs716Tp Firmware

Gs716Tpp Firmware

Gs724Tpp Firmware

Gs724Tp Firmware

Gs728Tpp Firmware

Gs728Tp Firmware

Gs750E Firmware

Gs752Tpp Firmware

Gs752Tp Firmware

Ms510Txm Firmware

Ms510Txup Firmware

Affected Vendors

Netgear

References (4)

Exploit https://gynvael.coldwind.pl/?id=740

Vendor Advisory https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-...

Exploit https://gynvael.coldwind.pl/?id=740

Vendor Advisory https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 4/34 · Minimal

Exposure 20/34 · Moderate