Netgear EX8000 Command Injection Vulnerability

The Netgear EX8000 is a series of managed switches used in various networking environments. The vulnerability discovered in this CVE allows an attacker to inject malicious commands via the switch_status function, potentially leading to unauthorized access and control over the network.

You're affected if you use Netgear EX8000 V1.0.0.126 or later versions.
Check with: grep -i "switch_status" /etc/config/switch.conf (Note: This command is specific to the switch configuration file and may vary depending on the system configuration.)

This is a managed switch, so if you don't recognize the name, you're probably not affected. If your organization uses Netgear products in their network infrastructure, it's recommended to verify the exact model and firmware version being used.

To fix this vulnerability, follow these steps:

1. Update to Netgear EX8000 V1.0.0.127 or later versions.
   • You can download the latest firmware from the Netgear website.
2. Apply immediate mitigations:
   • Restrict network access to your switch instance (firewall it from the public internet) using a firewall configuration.
   • Audit switch configuration and logs for suspicious activity patterns.

• github.com
• github.com