CVE-2018-21119
Description
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.5.4 and WAC510 before 5.0.5.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR WAC505 and WAC510 before firmware 5.0.5.4 contain a post-authentication command injection vulnerability allowing authenticated users to execute arbitrary commands.
Vulnerability
CVE-2018-21119 is a post-authentication command injection vulnerability in NETGEAR WAC505 and WAC510 wireless access points running firmware versions prior to 5.0.5.4. The vulnerability exists in the administrative interface and requires an attacker to have valid credentials to exploit it [1].
Exploitation
An authenticated attacker can exploit this vulnerability by sending specially crafted input to the affected component, likely through the web-based management interface. The attacker must be on the same network (adjacent) and have administrative access. No user interaction is required beyond authentication [1].
Impact
Successful exploitation allows the attacker to inject arbitrary commands, potentially leading to full compromise of the device's confidentiality, integrity, and availability. The CVSS v3 score is 6.8 (Medium) with a vector of AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [1].
Mitigation
NETGEAR has released firmware version 5.0.5.4 to fix this vulnerability for both WAC505 and WAC510 models. Users should download and install the latest firmware from NETGEAR Support as soon as possible. No workarounds are documented [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- NETGEAR/NETGEAR devicesdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.