What if authentication was optional? That seems to be the case here where the Netgear Switch Discovery Protocol, a UDP based protocol where each datagram is a header following by a Type Length Value (TLV) chain. The expectation is that all of the “get” commands can be used without authentication but that “set” commands should send the password authentication entry (Type 10) as the first part of the TLV chain. The /sqfs/bin/sccd daemon that implements the protocol does not enforce this however. So an attacker can send the “set” TLV for changing the password (type 9) to set the password without first authenticating.