الوصف:

أصدرت NETGEAR عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:

• GC108P, running firmware versions prior to 1.0.8.2
• GC108PP, running firmware versions prior to 1.0.8.2
• GS108Tv3, running firmware versions prior to 7.0.7.2
• GS110TPv3, running firmware versions prior to 7.0.7.2
• GS110TPP, running firmware versions prior to 7.0.7.2
• GS110TUP, running firmware versions prior to 1.0.5.3
• GS710TUP, running firmware versions prior to 1.0.5.3
• GS308T, running firmware versions prior to 1.0.3.2
• GS310TP, running firmware versions prior to 1.0.3.2
• GS710TUP, running firmware versions prior to 1.0.5.3
• GS716TP, running firmware versions prior to 1.0.4.2
• GS716TPP, running firmware versions prior to 1.0.4.2
• GS724TPP, running firmware versions prior to 2.0.6.3
• GS724TPv2, running firmware versions prior to 2.0.6.3
• GS724TPP, running firmware versions prior to 2.0.6.3
• GS728TPPv2, running firmware versions prior to 6.0.8.2
• GS728TPv2, running firmware versions prior to 6.0.8.2
• GS752TPv2, running firmware versions prior to 6.0.8.2
• GS752TPP, running firmware versions prior to 6.0.8.2
• GS750E, running firmware versions prior to 1.0.1.10
• MS510TXM, running firmware versions prior to 1.0.4.2
• MS510TXUP, running firmware versions prior to 1.0.4.2

التهديدات:

يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:

• حقن الأوامر (Command Injection)

الإجراءات الوقائية:

يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت NETGEAR توضيحًا لهذه التحديثات:

• https://kb.netgear.com/000064164/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Switches-PSV-2021-0167?article=000064164