VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 22, 2020· Updated Aug 5, 2024

CVE-2018-21126

CVE-2018-21126

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR WAC505 and WAC510 access points before firmware 5.0.0.17 are vulnerable to pre-authentication command injection, allowing unauthenticated attackers to execute arbitrary commands.

Vulnerability

A pre-authentication command injection vulnerability exists in NETGEAR WAC505 and WAC510 wireless access points running firmware versions prior to 5.0.0.17 [1]. The vulnerability allows an unauthenticated attacker to inject arbitrary operating system commands through a specially crafted request to the device's management interface.

Exploitation

An attacker with network adjacency to the vulnerable access point can exploit this vulnerability without any authentication [1]. The attacker sends a crafted request containing injected commands to the device's management interface, which is then executed by the underlying system. No user interaction is required.

Impact

Successful exploitation allows an unauthenticated attacker to execute arbitrary commands on the device with full system privileges [1]. The CVSS v3 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates a high impact on confidentiality, integrity, and availability, resulting in complete compromise of the affected access point.

Mitigation

NETGEAR has released firmware version 5.0.0.17 for both WAC505 and WAC510 to address this vulnerability [1]. Users are strongly advised to update to the latest firmware as soon as possible. No workarounds are available for this issue.

References
  1. Security Advisory for Pre-Authentication Command Injection on Some Wireless Access Points, PSV-2018-0262

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.