NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
MS510TXPP - critical vulnerability on latest 6.7.0.52 firmware
The Netgear MS510TXPP switch is vulnerable to CVE-2019-16645 on the latest 6.7.0.52 firmware. There has not been a new firmware released for this device since 2022 despite a long list of outstanding ...
Squuiid wrote:
The Netgear MS510TXPP switch is vulnerable to CVE-2019-16645 on the latest 6.7.0.52 firmware.
According to what exactly - have run some magic Vulnerability scanner or the like? Please provide more details of what you suspect to be a vulnerability.
Squuiid wrote:
There has not been a new firmware released for this device since 2022 despite a long list of outstanding issues.
Talking of the known issues in the Release Notes?
Squuiid wrote:
The exploit is a GoAhead Web server HTTP Header Injection, is rated high, and has not been patched in years.
Is this a generic report, applicable to the GoAhead Web Server, very often used on embedded systems (and updated to some v6.x.x version last year)?
Or are you referring to what Netgear has implemented as part of the recent updates, on your device with the current firmware, and you claiming some vulnerability does still exist?
Based on what you supplied on insight here, it's very difficult to guess what exactly you try to report.
Please understand I'm not representing Netgear here, but I'm keen to hear about more insight - and carry forward to my personal connections to Netgear reps.
Regards,
-Kurt.
I bought this NETGEAR switch in June of 2024, and is still being sold, to this day, on both Amazon’s site, as well as NETGEAR’s very own site.
I discovered a critical CVE using OpenVAS and raised a NETGEAR BugCrowd report (which got rejected twice despite a ton of info being provided and I gave up) as well as opening a ticket with NETGEAR support. I had more success with the support ticket and eventually got it raised to level 3. It was escalated to their engineers and they came back with the following, refusing to address the critical CVE:
"Hi,
This is xxxxx again giving you updates from the case. Our Engineers responded to your case and unfortunately we will not release any firmware that fixes the issue anymore since the unit has already ended its manufacturing way back Feb 2023 and our contract with the chipset maker which is Marvell has already expired with us.
Regards,
xxxx xxxx
Netgear Level 3”
And then this, and they closed my ticket without allowing me to respond!
"Case Number - 48865175
Summary - MS510TXPP switch is vulnerable to CVE-2019-16645
Product - 8-Port PoE+ Multi-Gigabit Smart Switch with 10G Copper/Fiber Uplinks(MS510TXPP)
Update from NETGEAR
Hi,
Thank you for your email. I understand what you mean on this and I strongly empathize on the situation. The unit been sold in Amazon is more likely a refurbished or second hand units since Netgear already stopped manufacturing this device way back 2023. The contract from Marvell, chipset vendor has already expired starting 2025 and we no longer have any software engineers that can modify or update the firmware itself.
Regards,
xxxx xxxx
Netgear Level 3
As mentioned, I bought the switch NEW and it is still being sold, as NEW, on NETGEAR's very own store! They closed my ticket so I couldn't respond!
I did some further digging only to discover that the switch I bought, and that NETGEAR are still selling on their very own site as well as on Amazon, is EOL! Not only that, it was EOL when I bought it from Amazon itself in June 2024.
T.L.D.R. NETGEAR are selling NEW switches on their OWN site which are EOL and they no longer offer support for!
For those interested in the vulnerability...
I used Greenbone OpenVAS to test for it.
Here are further details of the vulnerability along with several POCs.
Squuiid wrote:
I discovered a critical CVE using OpenVAS ...Afraid, I tend to disagree.
- Nothing discovered, just one of many false positive reports by that specific vulenrability assesment system.
- No longer exposable since mid of 2021 -> Pre Authentication Command Injection Vulnerability on Some Smart Switches PSV-2021-0071
EOL (a very specific and misleading Netgear nomencalture). It means that the model(s) listed are no longer manufactured and won't get any feature updates For some time, -real- security issues continue to be addressed, regardless of what the Netgear L3 support wrote you.
In no apsect, these switch model on the EOL list are revoked, removed from the markets, or are anywhere near to the and of service life This would be a much more meaningful indication in the product life cycle management, I'll try talking to the recently appointed Channel Chief for Global Channels at Netgear (Thomas Schwab) these days on the substandard product life cycle information.
Correct is that the MS510TXPP and the MS510TX (two siblings with the very similar Marvell switch core) are stil availahble in many markets, on many shelves, with resellers and retailers.
Some of the listed known issues are related to the capabilities of the switch core, probably not fixable with reasonable effort (by Netgear, resp,the OEM - which is also the chip set maker).
Does this clarify things for you now?
-Kurt.
"Nothing discovered, just one of many false positive reports by that specific vulenrability assesment system."
I entirely disagree. The PoC is included in the links I provided. Give it a go!
"No longer exposable since mid of 2021 -> Pre Authentication Command Injection Vulnerability on Some Smart Switches PSV-2021-0071"
Respectfully, I think you're getting confused about which switch we are discussing here. The MS510TXPP is not listed in that advisory. The MS510TXM and MS510TXUP are very different switches.
I'm very much inclined to believe the L3 tech, who gave very specific information and dates about the expiration of Marvell's support with NETGEAR on this switch. It also ties in with the fact that this switch has a lot of unresolved issues, including the vulnerability, and NETGEAR have done nothing to address them since 2022.
Meanwhile other models, such as the MS510TXUP and MS510TXM you referenced, have had firmware updates consistently to this date, as have others which are not marked as EOL on that list.
Current MS510TXPP Known Issues that will likely NEVER be addressed:- The local device UI displays the incorrect number of configured IPv6 routes.
- Multicast forwarding entries are not cleared immediately after the port is shut down.
- When using an AGM734 SFP transceiver on port 10 to connect to a peer that is powered off, the link flaps every 60 seconds.
- When configuring management VLAN other than VLAN 1, the default static IP (192.168.0.239) becomes 0.0.0.0.
Workaround: Use DHCP, or assign a valid static IP address. - If updating firmware through a USB device, the USB device must support the FAT32 file type. The NTFS file type is NOT supported.
- On high speed ports 7 to 10 (5G or 10G), the minimal interface shaping rate is 3.6 Mbps.
- Cable testing when performed on ports 5 to 9 (multi-Gigabit ports):
- Cable status might display “Open at 140 meter” instead of a “good cable” when there is no cable, or when the cable is shorter than 1 meter in length.
- Cable length might display “Length > 140 Meters” for cables shorter than 5 meters.
Last Updated:12/06/2022 | Article ID: 000064831
Squuiid wrote:
"No longer exposable since mid of 2021 -> Pre Authentication Command Injection Vulnerability on Some Smart Switches PSV-2021-0071"
Respectfully, I think you're getting confused about which switch we are discussing here. The MS510TXPP is not listed in that advisory. The MS510TXM and MS510TXUP are very different switches.
Very correct, my bad, sorry. Mind you I'm not Netgear, and don't have any paid or whatever kind of contract with NTGR.
The PSV referred above (dated from May 2021) does clearly indicate that neither Netgewar nor the OEM has taken the responsability required IN TIME (for the suspect vulenrability, and the known issues listed in the RN - well BEFORE the contract run out.
Two years lost and wasted by the reponsible team including the PM at Netgear. Cause: Ignorance or system blind?
-Kurt.
PS: The SHOUT OUT is for NTGR, not for you Squuiid of course.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
