This leads to admin session crafting and therefore gaining full web UI admin privileges by an unauthenticated attacker. Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field, which - due to several faulty aspects of the authentication scheme - allows the attacker to create (or overwrite) a file with specific content (e.g., the '2' string).
