NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
MS510TXPP - critical vulnerability on latest 6.7.0.52 firmware
The Netgear MS510TXPP switch is vulnerable to CVE-2019-16645 on the latest 6.7.0.52 firmware. There has not been a new firmware released for this device since 2022 despite a long list of outstanding ...
"Nothing discovered, just one of many false positive reports by that specific vulenrability assesment system."
I entirely disagree. The PoC is included in the links I provided. Give it a go!
"No longer exposable since mid of 2021 -> Pre Authentication Command Injection Vulnerability on Some Smart Switches PSV-2021-0071"
Respectfully, I think you're getting confused about which switch we are discussing here. The MS510TXPP is not listed in that advisory. The MS510TXM and MS510TXUP are very different switches.
I'm very much inclined to believe the L3 tech, who gave very specific information and dates about the expiration of Marvell's support with NETGEAR on this switch. It also ties in with the fact that this switch has a lot of unresolved issues, including the vulnerability, and NETGEAR have done nothing to address them since 2022.
Meanwhile other models, such as the MS510TXUP and MS510TXM you referenced, have had firmware updates consistently to this date, as have others which are not marked as EOL on that list.
Current MS510TXPP Known Issues that will likely NEVER be addressed:
- The local device UI displays the incorrect number of configured IPv6 routes.
- Multicast forwarding entries are not cleared immediately after the port is shut down.
- When using an AGM734 SFP transceiver on port 10 to connect to a peer that is powered off, the link flaps every 60 seconds.
- When configuring management VLAN other than VLAN 1, the default static IP (192.168.0.239) becomes 0.0.0.0.
Workaround: Use DHCP, or assign a valid static IP address. - If updating firmware through a USB device, the USB device must support the FAT32 file type. The NTFS file type is NOT supported.
- On high speed ports 7 to 10 (5G or 10G), the minimal interface shaping rate is 3.6 Mbps.
- Cable testing when performed on ports 5 to 9 (multi-Gigabit ports):
- Cable status might display “Open at 140 meter” instead of a “good cable” when there is no cable, or when the cable is shorter than 1 meter in length.
- Cable length might display “Length > 140 Meters” for cables shorter than 5 meters.
Last Updated:12/06/2022 | Article ID: 000064831
Squuiid wrote:
"No longer exposable since mid of 2021 -> Pre Authentication Command Injection Vulnerability on Some Smart Switches PSV-2021-0071"
Respectfully, I think you're getting confused about which switch we are discussing here. The MS510TXPP is not listed in that advisory. The MS510TXM and MS510TXUP are very different switches.
Very correct, my bad, sorry. Mind you I'm not Netgear, and don't have any paid or whatever kind of contract with NTGR.
The PSV referred above (dated from May 2021) does clearly indicate that neither Netgewar nor the OEM has taken the responsability required IN TIME (for the suspect vulenrability, and the known issues listed in the RN - well BEFORE the contract run out.
Two years lost and wasted by the reponsible team including the PM at Netgear. Cause: Ignorance or system blind?
-Kurt.
PS: The SHOUT OUT is for NTGR, not for you Squuiid of course.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
