CVE-2018-21094

Vulnerability

A security misconfiguration vulnerability affects multiple NETGEAR wireless access point models, including WAC120 (before 2.1.7), WAC505 (before 5.0.5.4), WAC510 (before 5.0.5.4), WNAP320 (before 3.7.11.4), WNAP210v2 (before 3.7.11.4), WNDAP350 (before 3.7.11.4), WNDAP360 (before 3.7.11.4), WNDAP660 (before 3.7.11.4), WNDAP620 (before 2.1.7), WND930 (before 2.1.5), and WN604 (before 3.3.10). The issue involves incorrect configuration of security settings, potentially exposing the devices to unauthorized access and manipulation [1].

Exploitation

An attacker can exploit this vulnerability by accessing the affected access point over the network without requiring prior authentication. The specific attack vector is not described in the available references, but the misconfiguration allows an attacker to bypass security controls [1].

Impact

Successful exploitation could allow an attacker to gain unauthorized access to the device and its management interface, potentially leading to disclosure of sensitive information, modification of device configuration, or disruption of network services [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models: WAC120 (2.1.7), WAC505 and WAC510 (5.0.5.4), WNAP320, WNAP210v2, WNDAP350, WNDAP360, and WNDAP660 (3.7.11.4), WNDAP620 (2.1.7), WND930 (2.1.5), and WN604 (3.3.10). Users should download and install the latest firmware from the NETGEAR Support website as soon as possible [1]. No workarounds are documented.