CVE-2017-18806

Vulnerability

A command injection vulnerability exists in the firmware of multiple NETGEAR wireless access points. The flaw allows an attacker to inject arbitrary operating system commands through the device's management interface. Affected models and firmware versions include: WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0 [1].

Exploitation

An attacker must have authenticated access to the device with administrative privileges (CVSS vector indicates high privileges required). The attack vector is local, meaning the attacker must be able to interact with the device's management interface, either through the web GUI or a local shell. No user interaction is required beyond the initial authentication. The attacker can then inject commands via a vulnerable input field or parameter, leading to execution with root privileges [1].

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the device with full system privileges. This results in complete compromise of confidentiality, integrity, and availability (CVSS v3 base score 6.7, vector AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The attacker can read sensitive data, modify device configuration, install malware, or disrupt operations [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models. Users should update to the latest firmware as soon as possible: WAC510 to 1.3.0.10 or later, WAC120 to 2.1.4 or later, WNDAP620 to 2.1.3 or later, WND930 to 2.1.2 or later, WN604 to 3.3.7 or later, WNDAP660 to 3.7.4.0 or later, WNDAP350 to 3.7.4.0 or later, WNAP320 to 3.7.4.0 or later, WNAP210v2 to 3.7.4.0 or later, and WNDAP360 to 3.7.4.0 or later. No workarounds are available; updating firmware is the only mitigation [1].