
Netgear Switch

At least some of the NETGEAR switches have a quite serious security flaw. Or, if not a flaw, at least a lack of basic security features.

The switch has a web-based management console. When running VLANs (802.1Q), this management console is on some switches (e.g. the NETGEAR ProSafe GS724T Smart Switch) always accessible from all VLANs - there is no way to disable management access from individual VLANs. This way the only protection against managing the switch is a simple password. Anyone with access to a switch port, any port, can loop through the IP address space searching for the management address, and if the cosmetic security feature "IP access list" is used, a second search for a trusted IP address is required, but all this is trivial.

It boils down to this: anyone connected to the switch (directly, or indirectly via other switches) can reconfigure it by the simple means of cracking a static password. If you are firewalling different VLANs from each other, the firewall can be bypassed this way. Or all other ports of the switch can be monitored. Or the traffic redirected according to your own taste. Or ... you get the picture - you own the network.

This ProSafe switch is quite ProUnSafe. OK, it is an inexpensive unit and maybe you should not expect too much from it. Clear documentation of its features, and of what it lacks, would be helpful, as would not using this unit in an unsuitable (i.e. potentially hostile) environment. And what environment isn't potentially hostile..?

Other NETGEAR Smart Switches, like the GS108T (not the ProSafe line), do have the feature of restricting management to specified VLANs only. Unfortunately there is no easy way to know whether a given NETGEAR switch has this vulnerability or not. NETGEAR has no plans to fix this security issue in the current line of products, according to their support.
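Since there is no easy way to tell from the documentation whether a switch confines management to a management VLAN, the practical check is to test it: from a host on a VLAN that should not be able to reach the switch, try to open a TCP connection to the switch's known management address on the web UI ports. The script below is an added example, not code from the original post or from NETGEAR; the management address and ports passed on the command line are assumptions for your own network, and the self_check function only talks to a local listener so the example runs offline.

```python
"""Check whether a switch's web management interface answers from this VLAN.

Added example (not from the original post). Run it from a host on a user
VLAN that should NOT have management access; if the management ports answer,
management is not confined to a management VLAN and only the password
protects the switch configuration.
"""
import socket
import sys


def management_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout.

    A completed handshake is enough evidence that the management service is
    exposed on this VLAN; no request is sent.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Connection refused, timed out or unreachable: not exposed here.
        return False


def audit(host: str, ports=(80, 443), timeout: float = 2.0) -> dict:
    """Return {port: reachable} for the usual web UI ports (80 and 443 assumed)."""
    return {port: management_reachable(host, port, timeout) for port in ports}


def self_check() -> tuple:
    """Offline demonstration against a local listener on 127.0.0.1.

    Returns (result_while_listening, result_after_close), expected
    (True, False): the check reports exposure only while something answers.
    """
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = management_reachable("127.0.0.1", port, timeout=1.0)
    listener.close()
    after_close = management_reachable("127.0.0.1", port, timeout=1.0)
    return while_open, after_close


if __name__ == "__main__":
    if len(sys.argv) < 2:
        # Placeholder usage; the management address is whatever you assigned.
        print("usage: python audit_mgmt.py <switch-management-ip> [port ...]")
        sys.exit(2)
    target = sys.argv[1]
    ports = tuple(int(p) for p in sys.argv[2:]) or (80, 443)
    for port, reachable in audit(target, ports).items():
        state = "EXPOSED on this VLAN" if reachable else "not reachable"
        print(f"{target}:{port} {state}")
```

Run it once from a host in every user VLAN; a switch that really restricts management to a management VLAN should report "not reachable" from all of them. An IP access list on the switch does not change the result of the handshake test, which is exactly why the post calls that feature cosmetic.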

References

NETGEAR Support case #8399944 (in Swedish)

Page last modified 2010-12-11 09:13Z