
Forum Discussion

dalbert
Follower
Jan 16, 2022
Solved

Prosafe Plus Vulnerabilities

I have several ProSafe Plus managed switches.  I really like the ease of configuration and they have been very reliable, but there appear to be critical vulnerabilities wherein the device could be easily and completely hacked from any port. 

What are my options?

  1. Is NetGear planning to patch these vulnerabilities
    (i.e. sit tight and wait for the update)?
  2. Disable management features and only use them as unmanaged switches?
  3. Use them as managed switches, but only for internal devices without internet exposure
    (i.e. don't connect a webserver or anything externally exposed to any port)?
  4. Toss the switches and buy something newer?
1 Reply

  • schumaku
    Guru - Experienced User

    The critical vulnerabilities are caused by the Netgear Switch Discovery Protocol (also used for the NSDPclient, a.k.a. Prosafe Plus Configuration Utility). By default, the NSDP management capabilities were disabled along with the updates (only the discovery remains available); the other listed vulnerabilities were fixed in the code, already before these let's-make-a-lot-of-noise-and-scare reports flooded the "news".

    Re-enabling and using NSDP and the deprecated Prosafe Plus Configuration Utility is only required for some special tasks on very few models.

    That said, very early "E" models don't offer any or a complete Web UI - this denies the workaround, so workarounds as per your ideas might be required.

    PS. Have requested a moderator to move this thread to the appropriate Smart Plus And Smart Pro Managed Switches Forum.
