CVE-2018-21120
Description
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR wireless access points are vulnerable to CSRF, allowing attackers to perform unauthorized actions.
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability affects multiple NETGEAR wireless access points. The vulnerability exists in the web management interface and allows an attacker to trick an authenticated administrator into executing unintended actions. Affected models and firmware versions include: WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10 [1].
Exploitation
To exploit this vulnerability, an attacker must trick an authenticated administrator into visiting a malicious web page or clicking a crafted link while logged into the device's web interface. The attacker does not need to authenticate; the attack relies on the victim's valid session. The attacker also needs no special network access: the forged request is issued by the victim's browser, so the attack can be launched from anywhere the victim can access the internet.
Impact
Successful exploitation could allow an attacker to perform actions on the device with the privileges of the authenticated administrator. This could include changing device configuration, modifying network settings, or potentially compromising the entire network. The exact impact depends on the privileges of the victim's session.
Mitigation
NETGEAR has released firmware updates to fix the vulnerability. Users should update to the latest firmware version for their specific device model as listed in the advisory [1]. If firmware cannot be updated immediately, consider implementing network access controls or disabling remote management if not required.
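As an added example (not part of the advisory or NETGEAR's tooling), the script below checks a device inventory against the fixed firmware versions listed in the description above. The `hostname,model,firmware` inventory format, the hostnames and the `OTHER-AP1` model are constructed for illustration.

```python
import re

# Fixed firmware versions per model, taken from the CVE description on this page.
FIXED = {
    "WAC120": "2.1.7", "WAC505": "5.0.5.4", "WAC510": "5.0.5.4",
    "WNAP320": "3.7.11.4", "WNAP210V2": "3.7.11.4", "WNDAP350": "3.7.11.4",
    "WNDAP360": "3.7.11.4", "WNDAP660": "3.7.11.4", "WNDAP620": "2.1.7",
    "WND930": "2.1.5", "WN604": "3.3.10",
}

def parse_version(text):
    """Turn '3.7.11.4' or 'V3.7.9.0' into a tuple of ints; None if malformed."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_older(a, b):
    """Numeric compare with zero padding, so 2.1.7 == 2.1.7.0 and 3.7.9 < 3.7.11."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def classify(model, firmware):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparsed' for one device."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"
    current = parse_version(firmware)
    if current is None:
        return "unparsed"  # needs a manual check rather than a silent pass
    return "vulnerable" if is_older(current, parse_version(fixed)) else "fixed"

def audit(inventory_csv):
    """inventory_csv: 'hostname,model,firmware' lines (assumed format)."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        host, model, firmware = (f.strip() for f in line.split(","))
        results[host] = classify(model, firmware)
    return results

# Constructed sample inventory, not real devices.
SAMPLE = """
ap-lobby,WNDAP360,3.7.9.0
ap-floor2,wnap210v2,V3.7.11.4
ap-dock,WN604,3.3.9
ap-roof,WAC120,2.1.7.0
ap-guest,OTHER-AP1,10.2.0.3
ap-old,WND930,unknown
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A `not-listed` result only means the model is not named in this CVE's description; `unparsed` entries should be checked by hand.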
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
12 - NETGEAR/NETGEAR devices (description)