diff --git a/CHANGELOG b/CHANGELOG
index 09a2d681e..1e79f158a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -36,7 +36,7 @@ o Added service probe and UDP payload for Quick UDP Internet Connection (QUIC), o [NSE] Enabled resolveall to run against any target provided as a hostname, so the resolveall.hosts script-arg is no longer required. [Daniel Miller]
-o [NSE] Updated fingerprints for script http-default-accounts with 20 new
+o [NSE] Updated fingerprints for script http-default-accounts with 21 new
 fingerprints. 5 fingerprints have been broadened to cover more variants. [nnposter]
diff --git a/nselib/data/http-default-accounts-fingerprints.lua b/nselib/data/http-default-accounts-fingerprints.lua
index 633f194e2..d23adecd0 100644
--- a/nselib/data/http-default-accounts-fingerprints.lua
+++ b/nselib/data/http-default-accounts-fingerprints.lua
@@ -777,6 +777,35 @@ table.insert(fingerprints, { end })
+table.insert(fingerprints, {
+ -- Version 2.00.08 on GS108PEv3
+ name = "Netgear ProSafe Plus Switch",
+ category = "routers",
+ paths = {
+ {path = "/"}
+ },
+ target_check = function (host, port, path, response)
+ return response.status == 200
+ and response.body
+ and response.body:find("loginTData", 1, true)
+ and response.body:lower():find("netgear ", 1, true)
+ end,
+ login_combos = {
+ {username = "", password = "password"}
+ },
+ login_check = function (host, port, path, user, pass)
+ local req = http_post_simple(host, port, url.absolute(path, "login.cgi"),
+ nil, {password=pass})
+ -- successful login is a HTTP/200 that sets cookie xxxSID,
+ -- where xxx is the hardware model, such as GS108SID
+ if req.status ~= 200 then return false end
+ for _, ck in ipairs(req.cookies or {}) do
+ if ck.name:lower():find("sid$") then return true end
+ end
+ return false
+ end
+})
+
 table.insert(fingerprints, { name = "Motorola AP-7532", category = "routers",
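Review bot: The cookie test in `login_check`, `ck.name:lower():find("sid$")`, accepts any cookie whose name merely ends in "sid", so a generic session cookie such as PHPSESSID set on a 200 response would be reported as a working default password. `target_check` identifies the device only by two page strings, so the login verdict should rest on the cookie shape the comment describes (model prefix plus SID, e.g. GS108SID). Consider anchoring the whole name, for example `if ck.name:lower():find("^%a+%d+%w*sid$") then return true end`, assuming the model prefix is always letters followed by digits as in the comment's example; that should be confirmed against other ProSafe Plus models. The comment could also state what a failed login returns (presumably a 200 without the cookie), since the check depends on that difference.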