VYPR
Unrated severity · NVD Advisory · Published Apr 27, 2020 · Updated Aug 5, 2024

CVE-2018-21096

Description

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-Site Request Forgery (CSRF) vulnerability in multiple NETGEAR wireless access points allows attackers to perform unauthorized actions.

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of multiple NETGEAR wireless access points [1]. Affected models include WAC120 (before firmware 2.1.7), WAC505 (before 5.0.5.4), WAC510 (before 5.0.5.4), WNAP320 (before 3.7.11.4), WNAP210v2 (before 3.7.11.4), WNDAP350 (before 3.7.11.4), WNDAP360 (before 3.7.11.4), WNDAP660 (before 3.7.11.4), WNDAP620 (before 2.1.7), WND930 (before 2.1.5), and WN604 (before 3.3.10). The vulnerability allows an attacker to trick an authenticated administrator into performing unintended actions.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious web page or link that, when visited by an authenticated administrator of the affected device, triggers a cross-site request. The attacker does not need network access to the device itself, only the ability to deliver the malicious payload to the administrator's browser. The administrator must be logged into the device's web interface at the time of the attack.

Impact

Successful exploitation allows the attacker to perform actions on the device with the privileges of the authenticated administrator. This could include changing configuration settings, modifying security policies, or other administrative actions, potentially leading to a compromise of the device's security.

Mitigation

NETGEAR has released firmware updates to fix this vulnerability [1]. Users should update to the following versions or later: WAC120 to 2.1.7, WAC505 to 5.0.5.4, WAC510 to 5.0.5.4, WNAP320 to 3.7.11.4, WNAP210v2 to 3.7.11.4, WNDAP350 to 3.7.11.4, WNDAP360 to 3.7.11.4, WNDAP660 to 3.7.11.4, WNDAP620 to 2.1.7, WND930 to 2.1.5, and WN604 to 3.3.10. The firmware can be downloaded from NETGEAR Support. No workarounds are mentioned in the advisory.
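The following inventory check is an added example, not code from NETGEAR or from this advisory. It compares each access point's firmware against the fixed versions listed above; the hostnames, the firmware string formats (a `V` prefix, a build suffix) and the inventory layout are constructed assumptions.

```python
import re

# Fixed firmware versions per model, taken from the advisory text above.
FIXED = {
    "WAC120": "2.1.7", "WAC505": "5.0.5.4", "WAC510": "5.0.5.4",
    "WNAP320": "3.7.11.4", "WNAP210V2": "3.7.11.4", "WNDAP350": "3.7.11.4",
    "WNDAP360": "3.7.11.4", "WNDAP660": "3.7.11.4", "WNDAP620": "2.1.7",
    "WND930": "2.1.5", "WN604": "3.3.10",
}

def parse_version(text):
    """Return the leading dotted-numeric version as a tuple of ints, or None.
    Tolerates a 'V' prefix and a trailing build suffix (assumed formats)."""
    m = re.match(r"\s*[vV]?(\d+(?:\.\d+)*)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def compare(a, b):
    """Compare version tuples numerically, zero-padding the shorter one."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)

def assess(model, firmware):
    """Classify a device: vulnerable, fixed, not-listed or unknown-version."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"
    current = parse_version(firmware)
    if current is None:
        return "unknown-version"  # unparseable string: review by hand
    return "vulnerable" if compare(current, parse_version(fixed)) < 0 else "fixed"

# Constructed inventory: (hostname, model, reported firmware string).
INVENTORY = [
    ("ap-lobby", "WAC510", "V5.0.0.17"),
    ("ap-floor2", "WNDAP360", "3.7.11.4"),
    ("ap-warehouse", "WN604", "3.3.9"),      # 3.3.9 < 3.3.10 numerically
    ("ap-lab", "wnap210v2", "V3.7.11.4_b2"),
    ("ap-guest", "WND930", ""),
    ("ap-other", "OTHER-AP", "1.0.0"),       # hypothetical model, not in the advisory
]

def audit(inventory):
    """Map each hostname to its assessment."""
    return {host: assess(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Versions are compared component by component as integers because a plain string comparison would rank 3.3.9 above 3.3.10 and report an unpatched WN604 as fixed.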

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

References

1
