sveinse
Apr 19, 2025, Aspirant
SSDP multicast leakage across VLAN on GS308EP
 Setup   Switch is in Advanced 802.1Q VLAN mode  Port 1-6 connected to VLAN 1. Port 1-6 untagged, port 7-8 exclude.  Port 7-8 connected to VLAN 2. Port 1-6 exclude, port 7-8 is untagged.  Port 1-6 PVI...
- Jul 01, 2025: If anyone arrives at this page: I reached out to NG support, and the issue has been fixed. They have released a new firmware for the switch that can be downloaded here: https://kb.netgear.com/000066737/GS308EP-Firmware-Version-2-0-0-5
sveinse
Apr 23, 2025, Aspirant
I've tested more and I'm now getting confident this is a bug in the switch!
It sends IP multicast messages between the independent VLAN1 and VLAN2. This is an unexpected error. Arbitrarily formatted messages with destination address to any IP address of "<224-239>.<1-255>.255.250" to port 1900 are broadcast across the VLANs. The communication works both ways. This can be used to create backdoor communication between any of the 4080 open IPs between the VLANs.
The 239.255.255.250:1900 is used for SSDP, which is the UPnP protocol for advertising availability of equipment. The described behavior is effectively:
- Sending IP addresses between VLANs
- Sending presence and status of UPnP equipment
- Can be used as an unsolicited data channel between the VLANs
How to repro the error:
- Configure two independent VLAN 1 and VLAN 2 that share no common ports
- Insert computer1 (generator) into a VLAN 1 port
- Insert computer2 (observer) into a VLAN 2 port
- Computer 1: Send UDP datagram with payload "foobar" to IP 224.255.255.240 UDP port 1900
- Computer 2: Observe with Wireshark the reception of the UDP "foobar" message from IP of computer 1 and destination to selected multicast IP
I've tested a lot of different settings, IGMP on/off, UPnP on/off to no avail. I've tested firmware reset of the device without any resolution.
Where should error reports like this be reported?
- FURRYe38, Apr 24, 2025, Guru - Experienced User: Something to make contact with NG support about.
- sveinse, Apr 24, 2025, Aspirant: Exactly how do I reach out to Netgear support? It seems they only accept vulnerabilities through Bugcrowd for select products and not this product.
- FURRYe38, Apr 24, 2025, Guru - Experienced User: Try thru NG official support site: https://my.netgear.com/support/contact.aspx https://www.netgear.com/support/contact.aspx
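
The repro steps in the post, scripted as a repeatable isolation check that can be rerun after a firmware update. This is an added example, not code from the poster or from NETGEAR; the `MAGIC` marker, the token argument and all function names are assumptions made for illustration.

```python
"""VLAN isolation check: 'listen <token>' on the VLAN 2 host, then 'send <token>' on VLAN 1."""
import socket, struct, sys, time

PORT = 1900                        # UDP port named in the post
GROUP = "239.255.255.250"          # SSDP group named in the post
MAGIC = b"VLAN-ISOLATION-PROBE:"   # constructed marker, not part of SSDP

def in_reported_range(addr):
    """True for <224-239>.<1-255>.255.250, the destination pattern given in the post."""
    try:
        a, b, c, d = (int(p) for p in addr.split("."))
    except ValueError:
        return False
    return 224 <= a <= 239 and 1 <= b <= 255 and (c, d) == (255, 250)

def build_probe(token):
    return MAGIC + token.encode("ascii")

def parse_probe(data):
    """Return the token carried by one of our probes, or None for any other datagram."""
    return data[len(MAGIC):].decode("ascii", "replace") if data.startswith(MAGIC) else None

def send(token, group=GROUP):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)  # never routed
        s.sendto(build_probe(token), (group, PORT))

def listen(token, group=GROUP, timeout=30.0):
    """Return the sender's IP if the probe arrives on this VLAN, else None after timeout."""
    deadline = time.monotonic() + timeout
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(("", PORT))
        mreq = struct.pack("4s4s", socket.inet_aton(group), socket.inet_aton("0.0.0.0"))
        s.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
        while (left := deadline - time.monotonic()) > 0:
            s.settimeout(left)
            try:
                data, (src, _port) = s.recvfrom(2048)
            except socket.timeout:
                break
            if parse_probe(data) == token:   # ignore genuine SSDP traffic
                return src
    return None

if __name__ == "__main__" and len(sys.argv) >= 3:
    mode, token, group = sys.argv[1], sys.argv[2], (sys.argv[3:] or [GROUP])[0]
    if not in_reported_range(group):
        print(f"note: {group} is outside the pattern reported in the post")
    if mode == "send":
        send(token, group)
    else:
        src = listen(token, group)
        print(f"LEAK: probe from {src} crossed the VLAN boundary" if src else "OK: nothing received")
```

Unlike the Wireshark observation in the post, the listener joins the multicast group and therefore emits an IGMP membership report on its own VLAN. With correct isolation the result on the other VLAN should still be "OK: nothing received".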