CVE-2018-21127
Description
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated command injection in NETGEAR WAC505 and WAC510 allows remote attackers to execute arbitrary commands.
Vulnerability
A pre-authentication command injection vulnerability exists in NETGEAR WAC505 and WAC510 wireless access points running firmware versions prior to 5.0.0.17 [1]. An unauthenticated attacker can inject arbitrary commands through a crafted request, as the device fails to properly sanitize input before processing [1].
Exploitation
An attacker with network access to the affected device (adjacent network) can send specially crafted packets to the management interface without requiring authentication or user interaction [1]. The low complexity of the attack means no special conditions are needed beyond network proximity [1].
Impact
Successful exploitation allows an attacker to execute arbitrary commands with elevated privileges, leading to full compromise of the device [1]. This results in high impact to confidentiality, integrity, and availability, as indicated by the CVSS v3 score of 8.8 [1].
Mitigation
NETGEAR has released firmware version 5.0.0.17 to fix this vulnerability [1]. Users should update their WAC505 or WAC510 devices to this version or later immediately. No workarounds are provided; upgrading is the only mitigation [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- NETGEAR/WAC505
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.