Unrated severity · NVD Advisory · Published Apr 21, 2020 · Updated Aug 5, 2024

CVE-2017-18805

Description

Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple NETGEAR wireless access points contain a command injection vulnerability allowing authenticated administrators to execute arbitrary commands.

Vulnerability

A command injection vulnerability exists in the web interface of multiple NETGEAR wireless access point models. Affected devices include WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0 [1]. The vulnerability is due to insufficient sanitization of user-supplied input, allowing injection of operating system commands.

Exploitation

Exploitation requires administrator-level access to the device's web-based management interface. An attacker with valid admin credentials can craft a request with malicious input in certain parameters, leading to command execution on the underlying operating system. No user interaction is required beyond the attacker's own actions [1].

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary commands with root privileges on the affected device. This results in full compromise of confidentiality, integrity, and availability (CVSS v3 Base Score 6.7, vector AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) [1].

Mitigation

NETGEAR has released firmware updates to address this vulnerability. Users should upgrade to the following fixed versions or later: WAC510 (1.3.0.10), WAC120 (2.1.4), WNDAP620 (2.1.3), WND930 (2.1.2), WN604 (3.3.7), WNDAP660 (3.7.4.0), WNDAP350 (3.7.4.0), WNAP320 (3.7.4.0), WNAP210v2 (3.7.4.0), and WNDAP360 (3.7.4.0) [1]. No workarounds are provided; updating firmware is the only recommended mitigation.
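
Checking a device inventory against the fixed versions listed above needs a numeric comparison, because a plain string compare ranks 1.3.0.9 above 1.3.0.10. The following is an added example, not NETGEAR's or this site's code; the "host,model,firmware" inventory format, the hostnames and the tolerance for a leading "V" are assumptions.

```python
# Added example; the "host,model,firmware" inventory format is an assumption.
import re

# Model -> first fixed firmware version, as listed in the advisory text above.
FIXED = {
    "WAC510": "1.3.0.10", "WAC120": "2.1.4", "WNDAP620": "2.1.3",
    "WND930": "2.1.2", "WN604": "3.3.7", "WNDAP660": "3.7.4.0",
    "WNDAP350": "3.7.4.0", "WNAP320": "3.7.4.0", "WNAP210V2": "3.7.4.0",
    "WNDAP360": "3.7.4.0",
}

def parse_version(text):
    """Turn '3.7.4.0' or 'V2.1.3' into a tuple of ints; None if unparsable."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def compare(a, b):
    """Numeric compare, zero-padding the shorter tuple (3.7.4 == 3.7.4.0)."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)

def assess(model, firmware):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unknown-version'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"
    current = parse_version(firmware)
    if current is None:
        return "unknown-version"  # manual review; never assume fixed
    return "vulnerable" if compare(current, parse_version(fixed)) < 0 else "fixed"

def audit(inventory):
    """Return [(host, model, firmware, status)] for 'host,model,firmware' lines."""
    rows = [[f.strip() for f in l.split(",")] for l in inventory.strip().splitlines()]
    return [(h, m, fw, assess(m, fw)) for h, m, fw in rows]

# Constructed sample inventory (hostnames, models and versions are made up).
SAMPLE = """
ap-lobby,WAC510,1.3.0.9
ap-floor2,WNDAP660,3.7.4
ap-lab,wnap210v2,V3.7.3.0
ap-store,WN604,3.3.10
ap-old,EXAMPLE-AP,5.2.8
ap-odd,WND930,unknown
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Entries reported as `unknown-version` need a manual check rather than being counted as fixed.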

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

References

1
