Prosafe Plus Vulnerabilities
I have several ProSafe Plus managed switches. I really like the ease of configuration and they have been very reliable, but there appear to be critical vulnerabilities wherein the device could be easily and completely hacked from any port.
What are my options?
- Is NetGear planning to patch these vulnerabilities (i.e. sit tight and wait for the update)?
- Disable management features and only use them as unmanaged switches?
- Use them as managed switches, but only for internal devices without internet exposure (i.e. don't connect a webserver or anything externally exposed to any port)?
- Toss the switches and buy something newer?
Accepted Solutions
The critical vulnerabilities are caused by the Netgear Switch Discovery Protocol (also used for the NSDP client, aka Prosafe Plus Configuration Utility). By default, the NSDP management capabilities were disabled along with the updates (only the discovery remains available); the other listed vulnerabilities were fixed in the code, already before these let's-make-a-lot-of-noise-and-scare reports flooded the "news".
Re-enabling and using NSDP and the deprecated Prosafe Plus Configuration Utility is only required for some special tasks on very few models.
That said, very early "E" models don't offer any or a complete Web UI - this denies the workaround, so workarounds as per your ideas might be required.
PS. Have requested a moderator to move this thread to the appropriate Smart Plus And Smart Pro Managed Switches Forum.